The Internet is a parallel world in which we extrapolate our identity, not only by opening profiles on social networks or interacting with the content but simply by browsing the web. Every action, every view, every download and every click transmits valuable information to all types of entities, for which our personal information is very important. Thanks to this trace that we leave, and that we allow it to be tracked by accepting the famous cookies, companies can know us deeply and offer us just what we want to make us irresistible.
However, so that the Internet does not pose a danger to users and so as not to violate data privacy regulations, a Cookies Law has been developed that protects us and details what the information we provide will be used for.
But what are the famous cookies?
To understand what the Cookie Law says and what it protects us from, we must know exactly what cookies are. In the context of computing and web browsing, they are small text files that websites store on your device (such as a computer, tablet or phone) when you visit a web page. These files contain information that websites use for various purposes, such as remembering your preferences, tracking your activity on the site, and providing a personalized browsing experience.
What information can cookies store?
Some examples of the information that cookies can store include the following types of data:
User preferences: Data such as preferred language, geographic location, date and time format, and website display settings.
Login information: Usernames and passwords to allow automatic access to user accounts on websites.
Shopping carts: the products or services selected by the user in online stores can be stored in cookies to remember them during the browsing session or between visits.
Activity Tracking: Cookies may track user activity on the website, such as pages visited, time spent on the site, and clicks made. This information is used to analyze user behaviour and improve the site experience.
Authentication data: to keep users authenticated on a website and allow access to restricted areas.
Personalized advertising: Cookies can store information about the user’s interests and are used to display relevant ads based on your browsing history.
Security and authentication: Some cookies are used to maintain the security of the user session, such as preventing phishing attacks.
Session Information: Session identifiers that allow the website to recognize users during their current visit.
Third-party tracking data: Third-party cookies, such as those used by web analytics services and advertising networks, collect data to analyze site traffic and measure advertising effectiveness.
Fundamental points of the current Cookies Law
Now that we know exactly what cookies are and what data they feed on, let’s see where this law sets the legal limits to protect users. In July 2023, the Spanish Data Protection Agency (AEPD) updated its requirements on cookie consent banners with the new directives issued by the European Data Protection Council.
These are some more important developments that will come into force in January 2024
Cookie consent banner
The name of the editor or Publisher of the website, the purposes of said cookies, information about who the cookies belong to, the type of data that will be collected and how the user can accept, modify or reject this treatment must appear in the consent banner. . In addition, the buttons on this banner must be visible and a link with access to more detailed information must be included.
In the second layer of the banner, when the user reaches it in search of more information, the cookies must be grouped into at least one function, so that the user can accept or reject one by one. Within each purpose, cookies may also be grouped according to the third-party responsible for them, so that the user can transfer their data only to the company they decide.
Methods to obtain consent
It is necessary to unequivocally specify whether consent is granted exclusively for the website on which it is requested, or whether it covers other pages, whether from the same publisher or from third parties associated with said publisher. Furthermore, the option to reject cookies must be clearly offered to the user and under no circumstances will user inactivity constitute consent.
On the other hand, it is important to consider that the services of both options must be genuinely similar and that the alternative service cannot come from a different entity than the publisher.
Did you find this post interesting and want to know more about data privacy on the internet? Subscribe to Educa.Pro and discover all the content we have prepared for you on digital transformation and new laws in digital environments!