A document which, for the first time in Europe, has been written together with a data protection authority and representatives of the digital publishing industry.
The document doesn’t intend to give out a general and uniform response to the fulfillment of the law but to expose the rules which the digital businesses must take into account when using cookies to gather data from users and tgat the necessary decisions to adapt to the norms are taken, taking into account their interests and business model.
José Luis Rodriguez Alvarez, AEPD Director, says that, with this guide “clear ruels are set to make sure that users settle if they allow or not the installation of cookies in their terminals, having clear and complete info about what data they gather, who will handle them and for what purpose.”
The AEPD Director also says that “we provide general business and website managers some guidelines and pratical orientations which will make the fulfillment of legal obligations easier along with further juridical safety and the flexibility degree needed to make the development of digital economy possible.”
In this sense, the Law of Information and E-Commerce Society Service (LSSI), establishes, on Article 22, a right for all business which are the user’s right to information and the gaining of permission from them.
Info about cookies
2nd paragraph of Article 22 of the LSSI establishes that the users must be given “clear and complete info” about the cookies they’re using. The info has to be clear enough so that users realize the cookies’ purpose, know what use their data will have and who will receive them.
The guide suggests using two info layers (basic info and a page with additional info) while minding the type of average user in the site or app which instals the cookies so as to use a language style fit to their technical knowledge. We must remember that nowadays such knowledge level is rather low.
Besides that, the LSSI establishes that the business must have have a previous consent from the user with prior knowledge before using cookies via the click in paragraphs or carrying out set actions.
The LSSI finally says that the users have the right to have previous info about how to deactive or eliminate the cookies as well as to how to revoke a consent which had been previously lent.
Cookies excluded from LSSI
Excluded from applying ambit of LSSI’s Article 22.2 are the cookies which are only used to transmit a communication or when they are need to provide a service requested by the user:
- -User entry cookies:
- -User authentication or user ID cookies(session only)
- -User security cookies
- -Multimedia player session cookies
- -Session cookies to balance load
- -User interface customizing cookies
- – Plugin cookies to exchange social contents
Dowload the cookie use guide