Online privacy
There are several different types of cookies that you can use on your website. Depending on the purpose of the cookie, you may require the prior consent of your users.
Cookies that do not require consent
The following are some cases where consent is not required:
- Cookies used for the sole purpose of carrying out the transmission of a communication, such as cookies that allow the processing of web server requests over a pool of machines instead of just one (load balancing).
- Cookies that are strictly necessary to provide an online service that the person explicitly requested. e.g. user-input cookies (cookies used when you ask your users to fill out an online form or when your customers use a shopping basket while purchasing products on your web site), or authentication cookies (when users authenticate themselves on your web site to log in in order to check online services such as their bank account).
Cookies that require consent
Some cookies require the consent of your users before you can use them to collect their data. This means cookies cannot be set when the webpage is first opened. You can only set the cookie and use the information collected through it once you have obtained the user's consent.
The following are some cases where consent is needed:
- social plug-in tracking cookies (such as those used for behavioural advertising, analytics or market research)
- third party cookies used for behavioural advertising.
Intended purpose of the cookies
If you use cookies that require consent, you must give the person browsing your website clear and comprehensive information about the cookies used on your website and their purpose. Your users should be allowed to give their specific consent depending on the purpose of the different types of cookies they are accepting, e.g. they should be able to give separate consent for tracking cookies.
Withdrawal of consent
You must make sure it's as easy for your users to withdraw their consent as it is for them to accept cookies. If the user chooses to withdraw their consent, you still have to provide some sort of minimum service for them, e.g. they can at least access part of your website.
Check the FAQs of the European Commission: FAQs - Data protection and online privacy