The internet is a parallel world where we project our identity — not only by creating profiles on social networks or interacting with content, but simply by browsing the web. Every action, every view, every download, and every click transmits valuable information to all kinds of entities for which our personal data is highly valuable. Thanks to the trail we leave behind — and that we allow to be tracked by accepting the famous cookies — companies can get to know us deeply and offer exactly what we want, making their offers irresistible to us.
However, to ensure that the internet does not become a danger to users and that data privacy regulations are not violated, a Cookie Law has been created to protect us and to explain how the information we share will be used.
To understand what the Cookie Law says and how it protects us, it is important to know exactly what cookies are. In the context of computing and web browsing, cookies are small text files that websites store on your device (such as a computer, tablet, or phone) when you visit a webpage. These files contain information that websites use for various purposes, such as remembering your preferences, tracking your activity on the site, and providing a personalized browsing experience.
Some examples of the information that cookies can store include the following types of data:
User preferences: data such as preferred language, geographic location, date and time format, and display settings of the website.
Login information: usernames and passwords that allow automatic access to user accounts on websites.
Shopping carts: products or services selected by the user in online stores can be stored in cookies to remember them during the browsing session or between visits.
Activity tracking: cookies can track the user’s activity on the website, such as visited pages, time spent on the site, and clicks made. This information is used to analyze user behavior and improve the site experience.
Authentication data: to keep users authenticated on a website and allow access to restricted areas.
Personalized advertising: cookies can store information about the user’s interests and are used to display relevant ads based on browsing history.
Security and authentication: some cookies are used to maintain session security, such as preventing identity theft attacks.
Session information: session identifiers that allow the website to recognize users during their current visit.
Third-party tracking data: third-party cookies, such as those used by web analytics and advertising networks, collect data to analyze site traffic and measure ad effectiveness.
Now that we know exactly what cookies are and what data they collect, let’s look at where this law sets the legal limits to protect users. In July 2023, the Spanish Data Protection Agency (AEPD) updated its cookie consent banner requirements following new guidelines issued by the European Data Protection Board.
The consent banner must include the name of the website’s publisher, the purposes of the cookies, information about who owns the cookies, the type of data collected, and how users can accept, modify, or reject their use. Additionally, the buttons on this banner must be clearly visible, and a link providing access to more detailed information must be included.
In the second layer of the banner, when the user seeks more information, cookies must be grouped by at least one function so that users can accept or reject them individually. Within each purpose, cookies can also be grouped by the third party responsible for them, allowing users to share their data only with the company they choose.
It is necessary to specify clearly whether the consent applies exclusively to the website requesting it or also to other sites belonging to the same publisher or its partners. Additionally, the option to reject cookies must be clearly offered to the user, and under no circumstances should user inactivity be interpreted as consent.
The duration of cookies must be the minimum necessary to achieve their intended purpose. The use of cookie walls under the recent update may comply with the law, provided that adequate information is given to users and they are offered an alternative way to access the service without needing to consent to the use of cookies.
It is also important to ensure that both service options are genuinely similar and that the alternative service is not provided by a different entity than the website’s publisher.
Did you find this post interesting and want to learn more about data privacy on the internet? Subscribe to Educa.Pro and discover all the content we’ve prepared for you about digital transformation and new laws in digital environments!
.jpg)