Cookies Policy Update

Cookies Policy Update

On July 11, 2023, the AEPD published its Guidance for updating the use of cookies according to the new European guidelines, specifically on misleading patterns on social networks published by the European Data Protection Committee (Guidelines 03/2022) in the first quarter of the year.

Obligations regarding cookies

There are two obligations imposed by the standard with respect to cookies: the obligation of transparency and the obligation to obtain consent.

Transparency

From the obligation of transparency, we must take into account that:

1- It is necessary to provide a clear definition of what cookies are.

2- Explain briefly and concisely what types of cookies are used on the website, as well as define the purpose of each one of them.

3- Provide effective information on how to accept, reject or manage cookies.

4- If there are data transfers, inform about them: to whom they are transferred, what is transferred, for how long, etc.

5- Conservation period

All this without forgetting that we must always use simple, clear language that does not induce error or interpretation on the part of users, and that is easy to access, it being important that this information is clearly visible from the beginning of the navigation.

Similarly, information should be provided in layers, so that the user can access the information that interests him, with a greater or lesser degree of explanation in its extension (layered information), according to his interest, in such a way as to avoid information fatigue.

Consent

With respect to obtaining consent, this must be express in such a way that it can be demonstrated that the user has given his or her voluntary consent to the use of cookies.

For this we must take into account that:

1- There must be an affirmative action by the user and unequivocal for him that he is accepting the use of cookies on the website, so we can not consider as an “acceptance of the use of cookies” if the user continues browsing the website without this affirmative action.

2- The acceptance of the terms or conditions of use of the website must be separate from the acceptance of the cookies policy.

3- Consent may be obtained:

Whenrequesting registration for a service

Duringthe process of configuring the operation of the web page or application.

Throughconsent management platforms (consent management platform or CMP)

Priorto downloading a service or application offered, for example, on the web site

-Through thelayered information format.

Throughthe browser settings.

What should we pay attention to?

Some of the issues to consider:

  1. When ACCEPTING, REJECTING or CONFIGURING cookies, these three buttons must be fully visible to the user, so that there is no confusion between them.
  2. The configuration panel may not be exposed to the user in such a way that the user perceives that it is mandatory to accept cookies in order to browse the website.
  3. The user is free to accept or not the cookies, so you can not be forced to accept them.
  4. The design used for the acceptance or rejection of cookies must be clear, without the user incurring in a non-voluntary consent.
  5. Cookies may be grouped according to their purpose, clearly stating what this purpose is.
  6. Within the purposes, cookies may also be grouped according to the third party responsible for them, identifying them by name or trademark.
  7. With respect to the withdrawal of consent, it must be possible for the user to withdraw consent in an easy and simple way, and it must be available at any time, for example, with simple and permanent access to the cookie management or configuration system.
  8. Regarding the retention period of the consent, it is recommended that it be updated at appropriate intervals, advising that it should not exceed 24 months.
  9. So-called “cookie walls” that do not offer an alternative to consent, where access to the services and functionalities of the website is subject to the acceptance of cookies, may not be used. It should be noted that such an alternative may not be free of charge to the user.
  10. If the website is aimed at users under 14 years of age, it will be very important that the language used is clear and simple, to ensure full understanding by the user. In addition, the data controller must implement reasonable measures to verify that the consent for the use of cookies was authorized by the parents and/or guardians and not by the minor, in any case, the principle of data minimization shall apply in order to reduce the risks in the processing of personal data of minors.

When should I apply these updates to my Cookies?

The deadline for adapting the use of your cookies is January 11, 2024; in other words, there are still 6 months left for you to make the necessary changes.

Business Adapter® at your service

If you are a client and need advice, please contact your consultant for documentation and instructions.

If you are not yet a customer and you need our help, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:

[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]Contact us, we will be pleased to help you.[/su_button]

Contact us, we will be pleased to help you.
error: Content is protected !!