Author: Mgr. Zuzana Burdová, 18. 11. 2021
If you operate a website you probably guessed that we wrote this article especially for you. From 1st January 2022 the regulation on computer cookies changes, therefore in this article we explain main principles of this change and advise how to simply implement this change of rules.
As we provide legal services for many online shops and other entities that will be affected by this change of regulation, we decided to give you an early Christmas gift – a detailed step-list how to handle the new cookies legislation.
Computer cookies are text files containing a small amount of information that are downloaded to your phone, computer or other device during web browsing. If you visit the website again, these cookies files are sent back to the original website or other website that recognizes cookies.
Simply said – by using cookies a website saves information about web browsing. Cookies are typically used in combination with Google Analytics, Sklik, Facebook Pixels, Hotjar, etc.
There are several types of cookies that differ according to what information they store and for what purposes they use these information:
Until 31st December 2021 you do not need consent for using essential cookies, as without them the website cannot work properly. For using other cookies on your website, you need user’s consent, but you do not have to require this consent by a cookie bar.
As it is possible to set in every web browser whether saving of cookies can be allowed or not, every user has the possibility to set this in advance. Such web browser settings is according to The Office for Personal Data Protection considered as a necessary consent, or more precisely, this consent is, till 31st December, presumed in absence of the web browser settings.
Website operator still has to fulfil the information obligation; he/she has to provide website users with this information: who processes cookies, to what extent, for what purpose cookies are processed, to whom cookies may be accessible, how the consent works and how to set up a web browser. The above-mentioned information is usually provided on a website page named “Cookies” or “Cookies Policy”.
If you fulfil the above-mentioned obligation, other cookies can be activated on your website for users until they change their website browser settings or until they inform you in some other way that they disagree with using other cookies. This principle is called opt-out.
From 1st January 2022 you still will not need user’s consent with using essential cookies, as the website cannot work properly without them. For using other cookies on your website, you will need user’s consent, but it will no longer be enough to refer to the web browser settings. It will be necessary to get user’s consent actively using so-called cookie bar, i.e. with the opt-in method. Be aware that you can use other cookies only after you obtain the user’s consent, until the consent is revoked.
The cookie bar should not bother users excessively; so it should not pop up and cover the entire page or its major part.
The cookie bar should contain an option to allow all cookies (known as “allow all”), reject all cookies (except for essential cookies, this option is known as “reject all”) and an option to custom cookies settings (an option named e.g. “manage cookies”) where users can give consent or reject each particular category of cookies. It should be possible to close the cookie bar by a “cross” even without choosing any option.
Consent to the essential cookies my and by its nature must be default and it must not possible to remove it, as without essential cookies the website cannot work properly. Default consent with other cookies is not allowed. Users should actively click on the option “allow” and this option cannot be preselected.
Giving consent should be as easy as withdrawing it. Ideally, buttons on the cookie bar should have the same colour so that one of the options is not instructive or misleading for some users, i.e. quick choice should not be too difficult. At the same time, once the user allows cookies, there should be an option on the website to open the cookie bar again and set cookies again. Alternatively, users should be able to set cookies again on the “Cookies Policy” page, i.e. to withdraw their consent.
The rules that will be effective in the Czech Republic from 1st January 2022 already apply in most EU Member States. The Czech Republic is one of the few countries that implemented this legislation with delay, and therefore we recommend adjusting the cookie bar to above-mentioned rules also for websites that have reach to other EU Member States. Naturally, the cookie bar should be translated to appropriate language so that users are able to understand it.
New EU “e-privacy” regulation, which it should complement GDPR regulation, is being prepared. E-privacy regulation will be directly effective in all EU Member States and one of the areas it should regulate is computer cookies. It is being said that e-privacy regulation will end the use of cookie bars, however, final version of the regulation is not known. So there is no choice but to wait.
2023 is approaching and with it the long-awaited changes in the area of data boxes, which we already drew your attention to in our article in October 2021 Many people were concerned about the impact… More
Have you formed a limited liability company and don´t know what to do now In this article, we will explain what needs to be done and what obligations are necessary following incorporation of a… More
Design by RVLT