Cookies have been the centre of many discussions ever since data privacy laws were enacted. We’ve seen many websites introducing cookie banners and making them more and more compliant (e.g. by introducing a ‘reject all’ button and making it equal to the ‘accept’ button).
By now, you probably got the whole point about what cookies* are and how they are linked to the GDPR. However, there are still a few confusions related to what types of cookies need consent from the users.
All cookies can be divided into two categories:
In respect of cookies, this means that:
Also, if you say a cookie is strictly necessary because it fulfils a purpose (such as e.g. security) you must ensure that your use is only for that purpose. If you use any information for secondary purposes (such as e.g. analytics), the cookie would not be regarded as strictly necessary and you would then need consent.
You should provide clear information about all cookies including those that are strictly necessary, and, if personal data is involved, then you will be required to specify the legal basis for using those cookies.
Consent is not the only legal basis and for strictly necessary cookies you can rely on others which are set in Art 6 GDPR. The most commonly used legal basis for setting strictly necessary cookies are:
Regardless of which legal basis is chosen, it is important you provide clear and transparent information to your users about the processing of their personal data. With Openli’s Cookie solution you have the ability to add a legal basis according to the GDPR to each cookie directly in your cookie banner.
* The term ‘cookies’ is used to refer to cookies and similar technologies, such as tracking pixels, scripts, plugins, fingerprinting techniques and any other technology that stores or accesses information on the user’s device.