Consent is closely linked to the information we provide to the person concerned. No provider can guarantee that the recipient, using his or her free will, will make better or worse use of the information made available to him or her.
However, what can be guaranteed is that this information will be presented in a way that is “accessible” to the recipient. This means that the information must be given before the information is stored on the device. The information must be provided in a clear and precise language, avoiding any ambiguity, information overload and separately from other legal notices and general conditions, among other requirements.
Information society service providers are familiar with the methods to be used when they want to draw the attention of their users to certain products, services or information. Therefore, the requirement to ensure that information on the use of these technologies is guaranteed in such a way that the user can access it without any effort is not a special challenge.
With respect to privacy, please note that any individual can be identified online by the identifiers provided by their devices. (recital 30 RGPD).
Well, this identification gives the providers the possibility to combine the data obtained from the browsing habits on their websites, with the behavior of that user in other domains, its geolocation, etc. This allows the elaboration of profiles of individuals and their identification.
If the identification of a natural person already falls within the scope of the RGPD, the elaboration of a profile of the same is a specially protected aspect in terms of data protection. This means that a careful examination will have to be made of what kind of personal data are being processed and, depending on the specific processing, security measures will have to be taken to ensure the legitimacy of the processing.
Withdrawal of consent
Perhaps one of the most controversial issues regarding cookies is the obligation by which the person concerned must be able to withdraw his or her consent as easily as I do. In practice, this is implausible and not very functional. The cookie warning is a warning offered to the user as soon as he or she visits the web content of the page. Consent can be given with a click. While to withdraw it is necessary to “make several clicks” and browse the website.
Therefore, within the agglomeration of basic information to be delivered to the interested party, it must include clear information on how to accept, deny or revoke consent or delete the cookies stated through the functionalities provided by the publisher (the management system or configuration of cookies that has been enabled) or the navigation software used or the operating system of the terminal or through the common platforms that may exist for this purpose. The reference to the settings of the navigation system is valid. If the publisher’s management system does not allow the rejection of third party cookies once accepted by the user, information will be provided on the tools provided by the browser or by third parties. Users are advised that if they wish to delete third party cookies, they may do so through the means made available by the latter or from the browser itself.
When can cookies be used and installed?
The use of the cookie may take place when the user has the mandatory information about cookies and the way to obtain consent and the consent is given in accordance with the legal requirements, explained above.
What happens when the content of the cookies changes?
Can access to the service be denied if the user refuses the installation of cookies?
As a general rule, the use of “cookie walls” is not legal. It is not permitted to deny access to the service to a user for not accepting the installation of cookies. This does not prevent that if access to certain areas of the domain is restricted if the policy of cookies is not accepted.