What are cookies and how do they work?
What are cookies? Cookies are temporary files that are installed on the device of the user who accesses websites. They usually have several purposes, sometimes for identification and other times to analyse the behaviour or conduct of the individual browsing the Internet. In essence, these types of files provide information about the website user.
Along with cookies, there are other information storage technologies (scripts, tracking pixels or other add-ons) that serve the same purpose.
How do cookies work? In general, cookies are stored on the user’s device when they access websites. When the user returns to said site, cookies enable the website to identify the user’s device and therefore remember the interactions that took place between said device and the website.
It is important to remember that there are different types of cookies, such as: technical cookies, analytical cookies, profiling cookies, etc. Moreover, it is essential to keep in mind that technical cookies are the only ones that can be placed on a user’s device without their consent since they are necessary for the proper functioning of the website.
What is a cookie banner (pop-up)?
In terms of data protection, the cookie banner or pop-up is the first layer of information about the cookie processing carried out by a website. In short, the cookie banner is a notice or pop-up window that appears when we access a website.
In summary, the changes included are the following:
- A reject button must be included in the cookie banner, along with the accept and settings buttons. This first layer of information must therefore contain:
- A “settings” button or visible mechanism that takes users to or displays a settings panel that allows them to accept or reject cookies manually, at least depending on their purpose.
- These buttons must have the same appearance, meaning that they must have the same formal and visual features for the user (i.e., colour, size, height, etc.). Rejecting cookies cannot be more difficult than accepting them.
- Likewise, as already established in the previous regulations, cookies must not be pre-ticked. Pre-ticking the box for cookie consent is an illegal action.
- If the website only uses technical cookies, the cookie banner must state “this website only uses its own cookies for technical or strictly necessary purposes”. Remember that this is the only case when obtaining the user’s consent is not required.
As explained previously, if we wish to comply with the regulations on cookies, we should take into account the following tips:
- The cookie banner is the first layer of information for this processing and it must comply with the duty of information in accordance with the GDPR.
- • Moreover, all cookie banners on any website must include: (i) “accept” button; (ii) “reject” button, and (iii) button or access to the cookies settings panel. These buttons must have the same features (colour, shape, size, etc.).
- • The “accept” option cannot be green and the “reject” option cannot be uncoloured or red. Withdrawing consent cannot be more difficult than giving it.
- Pre-ticked options for accepting cookies to obtain consent are not permitted under any circumstances. This is an illegal action.
- • Remember that the only case where the user’s consent is not required is when technical or strictly necessary cookies are accepted.
The following two examples of cookie banners comply with current regulations:
Helena Rodríguez Martín
Data Protection Consultant at PONS IP
Do you want to know more?