Menú

All

cookies

Validity and limits on cookie consent

The consent to collect cookies must be free, specific, informed and unambiguous. This implies that techniques such as scrolling are not currently valid. The Spanish Data Protection Agency has had to reform its guide on cookies in July to adapt to it. And companies will be required to make these changes from October 31, 2020.

Validity and limits on consent to cookies

The validity and limits of the consent of cookies have recently been questioned by the ECDC. The EDC, the European Data Protection Committee, has published guidelines on consent in May 2020. This has meant that the national data protection authorities of the Member States have had to adapt.

Contacto No te quedes con la duda, contacta con nosotros. Estaremos encantados de atenderte y ofrecerte soluciones.

What are cookies?

Cookies are data sets that are generated each time an individual accesses a certain website. This data is generated independently of the type of electronic device used to access it, computer, cell phone, etc.

To collect this data, the consent of the users is necessary. This was established by Directive 2002/58/EC known as e-Privacy.

What kind of consent is needed?

The e-Privacy Directive refers to data protection regulations when requiring consent. At the time it was the Directive 95/46/EC now repealed by the GDPR in effect since May 2018.

The Data Protection Regulation (GDPR) states that the consent must comply with the following characteristics in order to be valid. It must be:

  • Free: the person concerned must have control over that consent without any outside influence. It cannot be detrimental to the user.
  • Specific: you must consent to the uses specifically outlined for these treatments. Nothing more than that expressed in the consent request.
  • Informed: the interested party must have information in an accessible manner to know what he is consenting to. And this information must always have some minimum factors. Some examples are the identity of the person responsible and/or in charge, the purpose of the treatment, its legitimate basis… This information must be provided in a clear and understandable way by the users or interested parties.
  • Unequivocal: there can be no mistake about the user’s consent.

What techniques are not allowed to consent to cookies?

The UNECE thus established in its May 2020 guidelines limitations on consent to cookies. Specifically, there are two that are the most significant:

  • Scrolling will not be allowed as consent: previously there were doubts about the validity of this consent, but the ECDC trenches the debate. Scrolling does not constitute informed or unambiguous consent because the subject himself may have slid the mouse by mistake.
  • Also pop-ups asking for cookie consent without allowing access to the website will not be allowed. Called cookie walls. Since in this case there is no free consent from users. You should consent yes or yes if you want to access the content because otherwise you will be expelled from the web. Currently it is allowed that the rejection of cookies deny access to the web provided that two conditions are fulfilled. That the user is properly informed and that an alternative way to access the service without accepting cookies is provided.

Is there any way for companies to benefit from this?

Marketing experts warn that those companies that implement more transparent cookies on their websites will benefit. Websites that put a banner below asking for consent to each treatment are better valued by users. This transparency indirectly increases their brand power. Since users are more willing to revisit that website or others related to the brand.

When does the new AEPD regulation come into force?

In addition to the possible benefits of following an appropriate cookie policy, there are also detriments if it is not done. The Spanish Data Protection Agency has already established in July 2020 which consent will be valid for cookies. All websites that do not comply with the consent request set in this guide will be financially sanctioned. The companies have been given 3 months  to adapt to this regulation Therefore, from October 31, 2020, companies that do not comply with these rules may be sanctioned.

Conclusions

Not every consent is valid for collecting cookies on the web pages. The consent must always meet the requirements of the GDPR. Be free, specific, informed and unambiguous. Those companies that do not adapt to these guidelines will be sanctioned by the Spanish Data Protection Agency.

If this article has been of interest, we also suggest you to read the following article published on our website: Can I monetize tracking cookies?

Publicaciones relacionadas