Late last year, Parliament approved an amendment to the Electronic Communications Act. The new version of the law takes effect on February 1, 2022, and introduces significant changes to the rules governing the use of cookies on websites; companies that violate these rules may face penalties.
Within the European Union, the processing of website visitors’ personal data is governed by the Directive on Privacy and Electronic Communications (ePrivacy Directive), which requires website operators to obtain consent from website visitors for the use of cookies. The only exception is technical cookies, which are necessary for the proper functioning of websites.
The purpose of the amendment to the Electronic Communications Act is to implement this ePrivacy Directive and, consequently, to implement the requirements for obtaining consent from website users. In practice, this means that only necessary (technical) cookies may be processed without consent. The use of other types of cookies, such as analytical or marketing cookies, will require obtaining consent from the website user. Most website operators will therefore have to bring their cookie policies into compliance with the new requirements of Act No. 452/2021 Coll. on Electronic Communications, as well as with the requirements of the GDPR, effective February 1, 2022.
The supervisory authority for privacy in electronic communications is the Office for the Regulation of Electronic Communications and Postal Services. If a violation or failure to comply with any of the obligations imposed by the new Electronic Communications Act is detected, the Office may impose a fine ranging from €200 to 10% of the turnover for the previous fiscal period. Facebook and Google, which we wrote about in a recent article, were also recently hit with hefty fines in the tens of millions of euros.
What is required, and what should you watch out for?
- Any collection and storage of information from an end-user’s device is subject to consent;
- The user must be informed of the purpose of collecting and storing the information;
- Visitors must be informed about the use of cookies on the website, e.g., via a toolbar or cookie banner;
- From the information provided, they should learn about the purpose of each cookie, its functionality, and whether data is shared with third parties;
- This information should be provided through a comprehensive disclosure requirement, which should be part of the cookie banner or bar—the disclosure requirement should specify the cookies, their function, the operator, the retention period, and third parties;
- Providing sufficient information about cookies should result in obtaining clear and unambiguous consent from the website user—this consent must be obtained prior to any data processing;
- The consent required from the user is assessed in light of the requirements of the GDPR (see guidelines);
- The user should also be informed of the option to withdraw consent or to modify it;
- Withdrawing consent should be as easy as granting it;
- The controller may also inform the user about the impacts or consequences of withdrawing consent (e.g., the effect on certain website features).
In light of the above, we have decided to offer you a cookie audit for your website and a compliance audit with the amendment to the Electronic Communications Act. If you are unsure whether your cookie settings comply with the new law, please do not hesitate to contact us, and we will be happy to assist you.
Contact us via the contact form and get a free cookie audit!