AEPD: "Consent must be freely given. Access to functions on websites must not be made conditional on the consent of the user".
In addition, the guidelines also put an end to continued browsing as a given consent. What does this mean? Because of this, scrolling or swiping through a website will no longer be accepted as consent, as there is no clear and affirmative consent (opt-in).
These new guidelines make the need for a good cookie consent solution all the more important. That's where we/Openli can help you. With our solution your cookies will always be used according to law.
Below you can find some more in-depth information about cookies and what you should be aware of.
Cookies allow the storage in the user's device of amounts of data ranging from a few kilobytes to several megabytes.
Cookies are then sorted according to a number of categories. However, it is necessary to note that the same cookie may be included in more than one category. Depending on which entity manages the computer or domain from which cookies are sent and treats the data obtained, we can distinguish:
In the event that cookies are served from a computer or domain managed by the publisher itself, but the information collected through them is managed by a third party, they cannot be considered as their own cookies if the third party uses them for their own purposes.
Depending on the period of time they remain activated on the device we can distinguish:
The legal obligations imposed by the legislation are two, namely: the obligation of transparency and the obligation to obtain consent. The information about cookies provided at the time of requesting consent must be sufficiently complete to allow users to understand their purposes and the use that will be given to them.
Information or communication should be concise and transparent. The lower the technical level of the average user of that website, the simpler the language used (avoiding understandable technical terminology) and the more complete the information offered, based on the most basic aspects of what cookies are and how they work. In any case, this lower technical level should not be an obstacle to make the information provided as clear as possible, avoiding reloading the information with unnecessary details that make it difficult to read.
On the contrary, if the users to which the website is directed has a high level of knowledge about the Internet, it may not be necessary to provide basic information about what cookies are and how they work, although they must in any case include detailed information about what type of cookies are used on that page and for what purposes.
At all times it must be based on the consideration of the knowledge that an average user has about cookies and their management, without prejudice to demanding additional information when the web pages are especially aimed at users who by their profile can be considered to have a lower degree of knowledge.
Informing users is not something new on the Internet. Most website editors know what methods to use to attract users' attention to the information they want to highlight, such as in the case of promotions, offers or satisfaction surveys, and to obtain the consent of their users, even in other contexts. How users are viewed should leverage the experience gained through these methods.
In any case, it will be necessary for the user to take an action that can be classified as a clear affirmative action in order for the consent to be considered validly granted.
Obtaining consent through user conduct other than an acceptance button, but consisting of clear affirmative action, shall be admissible provided that the conditions under which the conduct occurs provide sufficient certainty that informed and unequivocal consent is given and that such conduct can be proved to have been carried out.
In any case, the mere fact of continued browsing, scrolling or swiping the website will not be considered a clear affirmative action under any circumstances. It will be necessary that the information of the first layer is completed with a system or configuration panel in which the user can choose between accepting cookies in a granular way or a link that leads to that system or panel.
When using non-necessary cookies, obtaining the user's consent is now mandatory. This consent may be obtained through express formulas, such as by clicking on a section that states "consent", "I accept", or other similar terms.
The mere inactivity of the user will neverr imply the provision of consent by itself. For such consent to be valid, it must be given freely and informedly. Therefore, it is necessary to take into account:
One aspect to consider is whether the relationship with the user is between the publisher or third parties. In this sense, it should be indicated whether consent is provided only for the website on which it is being requested or whether it is also provided for other websites of the same publisher or even for third parties associated with the publisher within the framework of the purposes of the cookies on which information has been offered.
Disclaimer: Depending on your line of business, country, industry and customer type (e.g. children, consumers etc.) you might need other documents and information so please note that this list is not exhaustive.
Sign up for a regular dose of news and updates from the legal landscape.