Big changes to the arrangement…

Author: Miroslav Eckart, Data Protection Officer Datainfo.si, doo

There are currently significant changes in the order of cookies on the site. Almost every day, there is news that this or that authority has imposed severe penalties for the improper use of cookies.

Google is especially under attack, especially Google’s analytics cookies, and of course Facebook. The French watchdog CNIL imposed fines on Facebook and Google in the total amount of 210 million euros. If the issue is not satisfactorily resolved within three months, an additional daily fine of €100,000 will be charged for each day of delay.[1]. The Austrian Supreme Court has declared the use of Google’s analytics cookies illegal[2]. Even the European Parliament has been reprimanded for using Google Analytics cookies[3].

Slovenia is also fully geared to changing the “in force” regulations for cookies, as recently (December 2021) the Government of the Republic of Slovenia approved a proposal for a new electronic communications law ZEKOM 2. The law is on its way to the National Assembly.

It is about » technical or. A non-political law, so don’t expect much partisan disagreement when the law is passed. An explicit change compared to the current regulations in ZEKOM 2 is that according to the new Article 225 of ZEKOM 2, instead of referring to the current Personal Data Protection Act (this is our current law and due to the partially invalid GDPR ZVOP 1) complies with personal data protection legislation.

The applicable legislation also includes the European Union General Regulation on the Protection of Personal Data (GDPR .).[4]), which will celebrate its four-year anniversary on May 25, 2018.

What exactly are cookies?

Cookies are small text files that are stored on the user’s device. We know of several types, and they are usually divided into urgent and non-essential cookies. Necessary cookies are those that a website needs to function properly. However, there are several types of non-essential elements and they are divided into analytic, tag, trace, etc.

It is now clear from all these provisions, decisions and penalties imposed that the legal basis for the use of non-essential cookies is classic consent, according to Articles 4 and 7 of the GDPR.

This means that user consent must be clear, voluntary, specific, informed and unambiguous. So solutions such as cookie notifications are not entirely appropriate, such as: “Our website contains cookies, find the appropriate settings in your browser and turn them off yourself.”

Example of bad practice

There is also no coherent solution from one of the most “busiest” Slovenian websites:

When you click Settings, the following appears:

Such an arrangement is very problematic because the fields are pre-filled/selected, which is in direct conflict with GDPR requirements.

Thus, it is very important that users have a fair chance to say yes or no in the same way (eg with the same number of clicks). Users should also be able to revoke their consent very easily.

In addition, on the occasion of Personal Data Protection Day on January 28, 2020, the IP RS announced at this event that it would be particularly interested in whether the information would be made available to users in accordance with Article 13 of the GDPR (mandatory implementation of all 12) requirements of Article 13 of the General Data Protection Regulation (GDPR). Usually, the information is provided to users in the form of a document called a privacy policy or privacy statement. Make sure this mandatory information is easily accessible and not “buried” or hidden on your website.

Instead of concluding, I recommend that to avoid censorship procedures and pay fines, edit your website with full consent regarding cookies and GDPR information, as inspectors do not have to leave offices (home) for censorship procedures because all your information (and breaches) visible to the public. / 7 online.


[1] https://www.cnil.fr/en/cookies-cnil-fines-google-total-150-million-euros-and-facebook-60-million-euros-non-compliance

[2] https://fortune.com/2022/01/13/austria-gdpr-google-analytics-max-schrems-noyb-edps/

[3] https://noyb.eu/en/edps-sanctions-pariffon-over-eu-us-data-transfers-google-and-stripe

[4] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

Bitcoin Trader

Bitcoin Trader

Leave a Reply

Your email address will not be published. Required fields are marked *