The guidelines unify the requirements for cookies stemming from both national control procedures and issued opinions, as well as guidelines and recommendations from the European Data Protection Board. The guidelines aim to provide website operators with simple, clear, and transparent instructions on how to use cookies in practice, while complying with applicable regulations.
The guidelines are divided into four chapters, the first and second of which discuss basic concepts and types of cookies and similar technologies, such as web beacons and browser fingerprinting. The guidelines clarify that the term cookies refers to all technologies that enable the storage or retrieval of data from a user’s device. The third chapter highlights the legal framework for the use of cookies.
The guidelines state that the use of cookies is only permitted if the subscriber or user has given their consent. Consent is not required for cookies that are strictly necessary for the provision of an information society service explicitly requested by the subscriber or user.
The last chapter of the guidelines contains practical measures that organizations can take to ensure compliance with the relevant regulations when using cookies. These measures include:
- specifying the type, purpose, and duration of the cookies used;
- assessing the necessity of all used cookies based on the services offered;
- checking whether the invasiveness of cookies can be reduced;
- informing users about cookies in an easily accessible, clear, and understandable manner;
- ensuring that users give their consent to the use of cookies; and
- placing the option to withdraw consent for the use of cookies in a visible location.