More and more companies are deciding to have a presence on the web, regardless of their activity. Some take their first step to the web with pages that inform about their products or services and indicate where they are and how to contact them. Others are launched to have a close relationship with their customers through the web and sell products or services online with the advantages of ubiquitous electronic commerce spread worldwide.
When we decide to have a website, an online store or an electronic commerce platform, if we do not have our staff for its design and operation, SMEs and freelancers leave this task in the hands of technological partners. Even so, in addition to the aesthetic and operational aspects of maintaining the website, the responsibility of complying with the law remains ours. This article will discuss one of the legal aspects that you have to consider when you decide to have a web page or an online store: cookies.
There are many types of cookies. Cookies are small data files that a web server stores in our browser when we visit a page. The purposes of these files are varied, among others to collect information about the user’s browsing habits and their activity within the web, as well as to store access data to the site (username, password, page customization, date of the last visit, etc.) making web browsing more comfortable for the user. Some cookies also allow the user to be tracked between websites, creating an anonymous profile for online marketing companies.
Generally, they do not represent a problem if they are cookies for their use or within the site. Since these have an active mission, if on the contrary, they are third-party cookies, they can collect personal data that could put the user’s privacy at risk.
Although there are several classifications of cookies according to who manages them and their purpose, in this article, we will focus on the most common and used, which are classified according to the time they remain active:
We have seen that consent must be obtained expressly and clearly, but what means can we achieve it?
Through the browser settings (a less efficient method as it depends on the security level of the user’s browser).
There could be some cases in which the non-acceptance of cookies prevents the everyday use, total or partial, of the services provided by the website, in which case, the user must be informed of this situation and offer the user an alternative to access the service without accepting cookies.
This could change with the entry into force of the ePrivacy Regulation. In the current draft, the user must be allowed to browse despite having previously rejected cookies, except those essential for the normal functioning of the site.
The authorities may require compliance with the obligations in the use of cookies to each obligated party. There could be three typical situations of use:
In general terms, given the wide variety of specific situations that could arise when third-party cookies are used, both the person responsible for the website and the other parties involved are responsible for complying with these obligations. The site administrator must provide clear and sufficient information to users, and the third party must ensure that the links to their data are operational. Each party will be responsible for the treatment they carry out of the information collected.
Also Read: How To Delete Cookies In Internet Explorer & Firefox