More and more companies are deciding to have a presence on the web, regardless of their activity. Some take their first step to the web with pages that inform about their products or services and indicate where they are and how to contact them. Others are launched to have a close relationship with their customers through the web and sell products or services online with the advantages of ubiquitous electronic commerce spread worldwide.
When we decide to have a website, an online store or an electronic commerce platform, if we do not have our staff for its design and operation, SMEs and freelancers leave this task in the hands of technological partners. Even so, in addition to the aesthetic and operational aspects of maintaining the website, the responsibility of complying with the law remains ours. This article will discuss one of the legal aspects that you have to consider when you decide to have a web page or an online store: cookies.
What are Cookies?
There are many types of cookies. Cookies are small data files that a web server stores in our browser when we visit a page. The purposes of these files are varied, among others to collect information about the user’s browsing habits and their activity within the web, as well as to store access data to the site (username, password, page customization, date of the last visit, etc.) making web browsing more comfortable for the user. Some cookies also allow the user to be tracked between websites, creating an anonymous profile for online marketing companies.
Generally, they do not represent a problem if they are cookies for their use or within the site. Since these have an active mission, if on the contrary, they are third-party cookies, they can collect personal data that could put the user’s privacy at risk.
Types cookies and functions
Although there are several classifications of cookies according to who manages them and their purpose, in this article, we will focus on the most common and used, which are classified according to the time they remain active:
- Session cookies: data is collected only while the user stays on the website and is deleted.
- Persistent: information is collected that can remain stored for a certain period defined by the website administrator.
Ways to obtain consent
We have seen that consent must be obtained expressly and clearly, but what means can we achieve it?
- When accessing the website, if there is a personalization section;
- When requesting registration in a service (registration procedure);
- Through third parties through specific management platforms;
- Before using a service on the page;
- Through the layer system mentioned above;
Through the browser settings (a less efficient method as it depends on the security level of the user’s browser).
Can I deny access to the web if the user rejects cookies?
There could be some cases in which the non-acceptance of cookies prevents the everyday use, total or partial, of the services provided by the website, in which case, the user must be informed of this situation and offer the user an alternative to access the service without accepting cookies.
This could change with the entry into force of the ePrivacy Regulation. In the current draft, the user must be allowed to browse despite having previously rejected cookies, except those essential for the normal functioning of the site.
- Cookies without the commitment of information or consent
- Own cookies
- Own and third-party cookies
In general terms, given the wide variety of specific situations that could arise when third-party cookies are used, both the person responsible for the website and the other parties involved are responsible for complying with these obligations. The site administrator must provide clear and sufficient information to users, and the third party must ensure that the links to their data are operational. Each party will be responsible for the treatment they carry out of the information collected.