Beware of cookies in terms of GDPR

Beware of cookies in terms of GDPR

Currently, most websites use some form of cookies, which usually contain information such as the site name and unique user ID. Commercial websites of banks, online publishers, blogs and e-shops use cookies to analyze websites, ie counting visitors and tracking their behaviour, targeted advertising, storing user preferences or authentication.

Make sure you comply with the law

The use of cookies is specified in both the GDPR and the amendment to the Data Protection Act, and therefore applies to all Member States of the European Union but also to websites outside the EU - these standards must be respected if they target people within Member States.

Cookies are generally divided into basic and irrelevant. Basic cookies are needed to provide the information requested by the user. All other cookies are considered irrelevant. This includes identifiers used for analysis, cookies from advertisers or third parties, including affiliates and individuals that identify the user when returning to the website. GDPR aims to focus on irrelevant cookies.

Until recently, it was enough to post a notice at the bottom or top of the page that cookies were being used. Most of us are familiar with the phrase "this page is using cookies". Although the notice served to inform users, it did not provide them with any other alternative. The aim of GDPR was thus to provide a real and informed choice.

How can you make sure that the cookies on your site comply with the Regulation?

The user should know exactly what types of cookies you use on your site. They must also be given the option of selecting those cookies with which they agree. If it is not necessary for the functionality of the website, it cannot be imposed on the user.

Another case is cookies that are strictly necessary for normal website functions. However, they cannot be disabled because the webpage will no longer work properly.

The GDPR also states that the data subject should be able to withdraw his consent as easily as he has given it. In general, this means that users should be able to withdraw their consent through the same action as when granting it.