How could we conduct a cookie audit?
When you perform a cookie audit, you must:
– Identify the cookies that are present.
– Confirm the purpose of the cookies.
– See that the cookies are not linked to other information about the user.
– Identify the data contained in each cookie.
– Distinguish between cookies that are strictly necessary and those that are not.
– Design a consent mechanism, or control panel, that guarantees that users can exercise their rights.
– Determine the life cycle of the cookies.
– Be clear about which are your own cookies and which are third party cookies.
– Once all this has been done, it is advisable to document everything and carry out periodic revisions.
Please note that the terms of the third party cookies may vary over time so we should review these periodically.
It will be very important to put adequate tools at the user’s disposal so that they can configure their preferences regarding cookies.
We cannot rely on the use of the terms and conditions to obtain consent to process cookies.
In any case, the best method to ensure regulatory compliance will be to provide clear and understandable information to the user, as well as having appropriate consent mechanisms under the provisions of the RGPD.
One of the most complex areas to comply with is compliance with legal requirements when using third party cookies. We must give the user the option to accept or reject them while we ensure that those third parties comply with their obligations.
One type of cookie that is often misleading is the analytical cookie. Although they are very useful for the service provider, they are not strictly part of the service requested by the user. If there were no analytical cookies, the service could still be provided to the user, so they are not strictly necessary either.
Therefore, it is important that we provide information about their existence and purpose. In the event that these cookies are transferred to third parties, we must inform the user accordingly and obtain their consent.
The user has the right to withdraw the consent given for the storage of information on his device at any time.