1.Definition of “Cookie”
A cookie is any file or device that is downloaded to the terminal equipment of a user in order to store data that can be updated and retrieved by the entity responsible for its installation.
2. “Cookie” types
Cookies can be classified according to the entity that manages them, according to the time they remain enabled in the terminal equipment and their purpose.
The primary obligation for companies or service providers in the information society or internet, through such means as websites, platforms or applications is set by article 22.2 of the Spanish “Law of Information Society Services and Electronic Commerce” (Ley de Servicios de la Sociedad de la Información y de Comercio Electrónico, LSSI ) that states:
“Service providers can use storage devices and data recovery target terminal equipment, provided that users have given their consent after they have provided them with clear and comprehensive information on their use, in particular, regarding the purposes of processing the data in accordance with the provisions of Law 15/1999, of December 13, Protection of Personal Data.
In addition, cookies used for any of the following purposes are excused from compliance with the obligations under Article 22.2 of the LSSI
- To allow only the communication between the user equipment and network
- To solely provide a service explicitly requested by the user.
From this, it follows that, cookies that would be exempt from the obligations provided in art. 22.2 have the following purposes:
- User input cookies
- Authentication or user identification cookies (session only)
- User security cookies (Repeated failed attempts and connection).
- Multimedia player session cookies.
- Session cookies for load balancing.
- User interface customization cookies.
- Complement cookies for the exchange of social content.
These cookies are excluded from the scope of art. 22.2 Of the LSSI and, therefore, would not need to inform and obtain the consent for their use. On the contrary, it would be necessary to inform and obtain consent for the installation and use of any other type of cookie, both first and third party, session or persistent, being subject to the scope of Article 22.2 of the LSSI, and for which the guidelines herein will be useful.
Cookies, depending on the entity that manages them, may be,
- Proprietary cookies: those that are sent to the user’s terminal equipment from a computer or domain managed by the editor itself and which provide the service requested by the user.
- Third party cookies: those that are sent to the user’s terminal equipment from a computer or domain that is not managed by the publisher, but by another entity that processes the data obtained through cookies.
Cookies according to the length of time they remain enabled in the terminal equipment can be,
- Session Cookies: these are a type of cookie designed to collect and store data while the user accesses a web page.
- Persistent cookies: These are a type of cookie from which data are stored in the terminal and can be accessed and processed for period of time defined by the entity responsible for the cookie that can be few minutes to several years.
Cookies according to their main goal can be,
- Technical cookies: those that allow the user to navigate through a website, platform or application, and use of the different options or services it exists as, for example, control traffic and data communication, identify the session, access restricted parts, remember the elements of an order, making the buying process an order, make an application for registration or participation of an event, use security features, while browsing store content for broadcasting video or audio or share content via social networks.
- Customization cookies: those that allow users to access the service with some features of a general nature based on a predefined set of criteria by the user terminal such as language, the type of browser through which to access the service, the locale from which to access the service, etc.
- Analysis cookies: those that allow the responsible entity to monitor and analyze the behavior of users of the websites to which they are linked. The information gathered through such cookies is used in measuring the activity of web, application or platform sites for profiling navigation users of these sites, applications and platforms, in order to make improvements based on analysis of data usage generated by the service users.
- Advertising cookies: those that allow the management, in the most effective manner possible, of advertising spaces, based on criteria such as content edited or frequency in which ads are displayed, that the editor has included in a web page , application or platform from which the requested service is provided.
- Behavioral advertising cookies: those that allow the management, the most effective way possible, of advertising space that the publisher has included in a website, application or platform providing the requested service. These cookies store information on user behavior obtained through the continuous observation of your browsing habits, allowing it to develop a specific profile to display ads based on it.
There are two legal obligations imposed by the regulations: the duty to provide information and obtaining consent.
The first priority is to identify the cookies being installed or used, analyzing whether they are proprietary or third-party cookies, session or persistent, specifying their role to decide whether they are or are not in the scope of Article 22.2.
The second paragraph of Article 22 of the LSSI states that users must provide clear and complete information about using storage devices and data recovery and in particular about the purposes of processing the data, under the provisions of Law 15/1999 of December 13 on the protection of personal data.
Therefore, the information on cookies provided at the time of requesting consent should be sufficient and complete to enable users to understand the purpose for which they were installed, and know the uses that they will have.
The required information may be provided by multiple systems. As we shall see, generally, by these means not only will the necessary information be provided, but consent may also be requested of the user to install the devices. Among the most common methods are;
- Providing information through a header bar or footer, in a sufficiently visible application.
Also, information on how to disable or remove cookies set out through the functionality provided by the publisher should be offered, in addition to how to revoke consent already given.
4. Consent is given in an informed manner.
First it should be mentioned that consent is always given with previous, clear, visible and accessible information on what cookies are and what kind of cookies are used by the website and that, therefore, and consent is given.
There are several ways to obtain user consent;
- During the setup process operation of the website or application.
- In the moment when a new feature offered on the web page is requested.
- Before a user downloads a service or application offered on the website
6. Browser’s configuration
This acceptance may be revoked by the content and privacy configuration options available in it. The Owner recommends its users to check the help of their browser or access the help web pages of the main browsers:
If the user wishes to ask any questions about the Website’s Cookies Policy, he/she can contact the Owner at the following address: firstname.lastname@example.org , indicating “Cookies Policy” in the subject field.