As we told you in , the digital cookies (also known as “computer” or “tracking”) are text files, usually encrypted, that are placed in browser directories by server orders.
You hear a lot about them, but Do we know what they really are and do we accept them consciously? Do we know what information they collect and what they are used for? Today we want to dig a little deeper into this topic and explain to you what they consist of, what types of cookies there are and how they are going to have to be managed as of October 31, taking into account the new Guide on the use of cookies published by the Spanish Data Protection Agency (AEPD) based on the guidelines set by the European Committee for Data Protection (CEPD). Let us begin!
What are cookies
As explained by the , cookies are tools that play an essential role in the provision of numerous information society services that concentrate the largest advertising investment, facilitate user navigation and offer advertising based on occasions on browsing habits.
They are used to allow users navigate more easily and develop certain functions and processes on the websites. These encrypted texts are created when a user’s browser loads a particular page. This page sends information to the browser and the text file is generated. Every time the user returns to the same page, the browser retrieves this file and sends it to the page’s server. Those from other websites (third-party cookies) that offer advertisements in the URL that the user visits also appear on the same page.
What types of cookies are there:
Depending on the domain from which they are sent
Depending on who manages the computer or domain from where the cookies are sent and the data obtained is processed, we can differentiate between two types of cookies:
Own cookies
They are those that are sent to the user’s computer from a computer or domain managed by the website itself that we are visiting and from which the service requested by the user is provided. They are generally used to improve the user experience when entering a page.
As an example, we have Login (which allow, for example, to remember the username to facilitate the login), those of personalization (to remember that we have interacted with X so that the website itself shows us relevant content based on that information) or those of preferences (which collect precisely the user’s preferences, such as the language or the way in which they see certain content).
Third party cookies
They are those that are sent to the user’s computer from a computer or domain that is not managed by the website itself, but by another entity that processes the data obtained through cookies. They may be Very varied and with different purposes: collect statistical data, use data, user tastes, etc. As an example, we have those like Facebook or analytics like Google Analytics.
In both cases, they collect information about user navigation. Keep in mind that this information is not analyzed by user, but by browsing. That is, if we enter a web page from Google Chrome and accept its cookies, this configuration will not be maintained later if we access from Mozilla Firefox.
According to its purpose
According to its purposewe can differentiate between
technical cookies
They are those that allow the user to navigate through a web page, platform or application and the use of the different options or services that exist in it, including those that the publisher uses to allow the management and operation of the website and enable its functions and services, such as, for example, controlling traffic and data communication, identifying the session or sharing content through social networks, among many others.
Also belonging to this category, due to their technical nature, are those cookies that allow the management, in the most efficient way possible, of the advertising space that, as one more element of design or “layout” of the service offered to the user, the editor has included in a web page, application or platform based on criteria such as the edited content, without collecting information from users for different purposes , such as personalizing that advertising content or other content.
Preference cookies or personalization
They are those that allow remember information for the user to access the service with certain characteristics that can differentiate your experience from that of other users, such as, for example, the language, the number of results to display when the user performs a search, the appearance or content of the service depending on the type of browser through the which the user accesses the service or the region from which the user accesses the service, etc.
If it is the user himself who chooses those characteristics (for example, if select the language of a website by clicking on the icon of the flag of the corresponding country), the cookies will be exempt from the obligations of article 22.2 of the LSSI as they are considered a service expressly requested by the user, and this as long as the cookies obey exclusively to the selected purpose.
Analysis or measurement cookies
They are those that allow the monitoring and analysis of the behavior of the users of the websites to which they are linked, including the quantification of the impacts of the advertisements. The information collected through this type of cookie is used in the measurement of website activity, application or platform, in order to introduce improvements based on the analysis of the usage data made by the users of the service.
Behavioral advertising cookies
They are those that store information on the behavior of users obtained through the continuous observation of their browsing habits, which allows the development of a specific profile for display advertising based on it.
In any case, it must be taken into account that these typologies are offered as a guide because they are the most common. Publishers and third parties may make the categorizations that they consider best fit the purposes of the cookies they use, in such a way that the principle of transparency towards users is respected.
Depending on the length of time
And finally, depending on the period of time they remain activatedwe can differentiate between two types of cookies:
session cookies
They are those designed to collect and store data only while the user accesses a web page. They are cookies temporarythat they are deleted when the user leaves the page and closes the browser.
Persistent (or permanent) cookies
They are those in which the data is still stored in the terminal and can be consulted and processed during a period defined by the person responsible for the cookie, and which can be from a few minutes to several years. these files remain in a browser subfolder until the user deletes them manually or the browser deletes them according to the duration period established in the cookie file.
Legislation change: what changes?
The Spanish Agency for Data Protection (AEPD) has updated it to adapt it to the Guidelines on consent modified in May 2020 by the European Committee for Data Protection (CEPD). Below is the summary of the most notable changes that the AEPD has shared:
The European Committee for Data Protection has revised in May 2020 the Guidelines 05/2020 on consent in order to clarify its position in relation to two issues: (1) the validity of the “continue browsing” option as a way of providing consent by users and (2) the possibility of using what are known as “walls of cookies”that is, to limit access to certain services or content only to users who accept the use of cookies.
With regard to the first of these points, the Committee considers that the option to “continue browsing” does not constitute in any circumstance a valid way of giving consentto the extent that such actions may be difficult to distinguish from other activities or interactions of the user, so it would not be possible to understand that the consent is unequivocal.
The cookie management system must be integrated into its own or when a link that leads directly to the management system is included in this policy. In the event that it is not possible to offer a sufficient explanation, for example, about the purpose of the cookies used by third parties or how to eliminate them, you can provide this information including a link to the third party’s website.
Regarding “cookie walls”, the Committee has specified that, for consent to be considered freely granted, access to the service and its functionalities must not be conditional on the user consenting to the use of cookies.
Examples of how to display the cookie notice
In the AEPD’s own, they include several examples. Below, as an example, we can see 3 examples that visually explain how we could set up the first layer (the first message) that the user will see. It is the most relevant message and each company must assess how to display it and how to allow access to additional information and the possibility of configuring it as it deems.
How this change in the way of accepting cookies will affect the user
When accessing a web page, the user will have to see a message in a visible and understandable format for the user that is maintained until the user performs the action required to obtain consent or its rejection. This information must be shown before injecting the cookies, since it must be done based on the will expressed by the user in this regard.
As we have commented, it will be necessary for the user to carry out an action that can be classified as a clear affirmative action for the consent to be considered validly granted. Obtaining consent through user behavior other than an acceptance button, but consisting of a clear affirmative action, will be admissible provided that the conditions in which the behavior occurs offer sufficient certainty that informed and unequivocal consent is given. and it can be proven that said conduct has been carried out.
In any case, the mere fact stay on the screen, scroll or navigate by website will not be considered a clear affirmative action under no circumstance. The CEPD has established that continuing to browse is not a valid way of giving consent. In the same way, the consultation of the second information layer if the information is presented in layers, as well as the navigation necessary for the user to manage their preferences in relation to cookies, is not an active conduct from which the acceptance of cookies can be derived. .
It will be necessary that the information of the…
Facebook Comments
Disqus