Regulating the use of cookies: Informed consent, protected final user
The Spanish Government recently passed the Real Decreto-ley 13/2012 with the purpose of implementing several EU directives including Directive 2009/136 on the protection of privacy in the electronic communications sector. The implementation of this directive entails the amendment of Law 34/2002 on electronic commerce (“LSSI”) and the Law 32/2003 on telecommunications (“LGT”). Both the wording and the content of certain articles comprised in the two abovementioned laws were actually modified. In particular, articles 34, 36 bis and 38 LGT and articles 20.4, 21.2, 22.2 and 31 LSSI.
Thanks to the amended regulation personal data experiences a positive enhancement of protectionism insofar the use of so-called cookies is significantly restricted to the benefit of the final user. Cookies are small files that store information of the websites actually visited by the final user. Once gathered, these cookies reveal lots of valuable information concerning the personal profile of the latter. That information becomes priceless for traders using advertising techniques such as “behavioural advertising” in order to achieve a more accurately targeting of the prospective user and/or consumer of Internet-related services. However, the unlimited use of cookies may imply serious risks for user’s privacy.
New Art. 22.2 LSSI states that Internet Services providers can make use of cookies as far as users have given their consent after clear and complete information about the objective of these cookies have been provided. In addition, informed consent is subject to revocation by the user at any time. In practice, most of the times, both the consent to receive cookies and its revocation can be implemented by means of a menu available in the Internet browser permitting to disable cookies.
Since there is no rule without exception, according to Art. 22.2 in fine, the informed consent of the user is not needed in those cases where the use of a cookie is essential to the proper provision of a given Internet-related service that has been expressly solicited by the user.
All in all, in Salvador Ferrandis & Partners we do believe that the underlying idea behind the legislative amendment at stake cannot be other than conferring the final user more self-responsibility whilst making him less defenceless in such a potentially-hostile environment as it is the cyberspace.
Related Posts:
- Legal checklist for the right management of a website in Spain
- Advocate General Conclusions in “Google Spain”: web search engines are not obliged to delete personal data from search results.
- Effectiveness of the “Sinde Law” against websites hosted abroad and European Union law
- Some comments on the first-sale doctrine in the digital environment