The cookies They are data storage and retrieval devices that are downloaded to a user's computer or smartphone when accessing virtually any website or application. Thanks to them, the owner of the website can store certain data which may be subsequently processed for various purposes, usually advertising or improving their own services. Thus, They are very useful tools both for the companies that use them and for the user themselves, who will receive information that is more tailored to their interests and will receive an increasingly intuitive service. However, its use presents a series of risks to the privacy of users.
Isolatedly, the data stored by cookies they may seem of little importance (data about the user's device, previously visited pages, interaction with the website, etc.); However, together and in relation to large amounts of similar data from other users, they can infer behaviors from the user's personality or allow very precise conclusions to be reached about their private life, which implies high risks for their rights and freedoms.
Aware of this, the European legislator established in the Directive 2000/31/EC, transposed into our regulations in the LSSICE, the following obligation for website owners:
"Service providers may use data storage and retrieval devices on recipients' terminal equipment, provided that they have given their consent after being provided with clear and complete information on their use."
In order to use cookies (although more precisely, the data obtained with them) you must ask the user whether you accept them or not. Conceptually, it is not a formal requirement but rather a true feasibility budget for their installation. That is, the fact of ask the question binds the owner of the website to respect the user's response. In turn, as stated by the Article 29 Working Group in its Opinion 15/2011 on the definition of consent, inviting people to accept a data processing operation must be subject to rigorous requirements.
Among these requirements, reflected in the GDPR, we can highlight the need for consent to be informed, that is, it can be given for cause; free, and therefore voluntary; specific and unequivocal or, in other words, lent for something specific without a doubt.
Consequently, any website that uses cookies must ask the user whether or not they accept their use, giving them the real possibility of choosing which types of cookies they accept and which they do not. The important thing is that the user has control over their data and therefore over their privacy.. To achieve this, the great challenge that every company faces is to communicate to its audience in a clear, understandable and transparent way the value and benefits that can be brought to them by maturely and consciously configuring cookies on their device.
Do you want to specialize in Compliance and Data Protection Management?
He Master in Compliance & Data Protection Management will make you a highly qualified professional with the necessary skills to carry out specialized tasks in two of the most relevant areas for both private businesses as for public administrations: data protection and regulatory compliance or Compliance.
