The AEPD updated their Guide on Cookies last July to make it more compatible with the regulations of the central European regulatory body. Budgets have been amended to make the regulations more clear, but also tighter. Even though the RGPD was implemented several years ago, many web pages still violate the cookie regulations. We will tell you about it and show you how to adapt your website so that it complies with it.
Although the regulations concerning cookies are not new, they were not defined as such until the RGPD (General Data Protection Regulation). There were some practices that were doubtful before the RGPD.
It is essential to understand what consent is. It is defined in Article 4 (11) RGPD as “any expression of free, specific and informed will by which an interested party accepts, either via a declaration, or a clear affirmative act, the processing personal data that concern him”.
There are situations in which web pages and apps do not consent to valid consent forms. This could be because they don’t allow you to choose, or because you are forced or subject to negative consequences. These pages require permissions to be downloaded on the mobile device in order to use an app that doesn’t really need them. (I wouldn’t be well informed). You will also need to accept the cookie wall in order to access the content. This prevents you from viewing the content if you don’t accept it (it wouldn’t be free).
Scrolling down the page or continuing to browse is not consent. They are not an affirmative act
The Guide outlines clearly what TRANSPARENCY means and how consent should be obtained in order to combat these poor practices.
It must be clear, concise, and understandable. It must also be easily understood by the average person in the target audience. It should also be easy to find, via a prominent link. The information must be available in the logical location where it can be searched, and must be permanent.
Consent is, as we’ve already stated, a clear affirmative act. Consent information must be distinct from other matters. Users must have the ability to withdraw consent at any time. It must be simple to withdraw consent. If consent was given to third parties, it must be clearly stated.
There are many forms of consent, and they all work if you inform them clearly and transparently how to give them.
As we’ve already stated, cookies are subject to the tacit consent (the text that says “If you continue browsing, you agree these conditions”) and the cookie walls (browsing is stopped if consent is not granted). Cookies walls are only valid if the user is offered an alternative to access the content. This could be prior payment or subscription.
Third parties may consent to cookies if the user refers to their privacy policies and is clear about how to accept or decline cookies.
One glance at the websites shows that many companies still require tacit consent or use techniques to get consent in a way that isn’t free for the user (e.g., to be able to view the contents). You must update your websites before the expiration of the transitional period (10/31/2020), as this could be the last notice by regulatory agencies