to Art. 22.2 de la LSSICE 34/2002.
In accordance with article 22.2 of Law 34/2002, drafted by section five of the second final provision of Law 9/2014, of May 9, General Telecommunications (“BOE” May 10; Correction of errors “BOE” May 17) and effective from May 11, 2014: “Service providers may use data storage and recovery devices (so-called cookies) in terminal equipment of the recipients, provided that they have given their consent after They have been provided with clear and complete information on their use, in particular, on the purposes of data processing, in accordance with the provisions of Organic Law 3/2018 on the protection of personal data.” However, and in accordance with the third paragraph of article 22.2 “The foregoing shall not prevent the possible storage or access of a technical nature for the sole purpose of transmitting a communication over an electronic communications network or, to the extent that is strictly necessary, for the provision of an information society service expressly requested by the recipient”. This last point refers to those known as technical cookies.
The procedure to comply with the regulatory obligations regarding cookies is:
a) Carry out an inventory of the cookies used by the website, compiling: the name of the cookie, its entity (own or third party), its purpose and the conservation period. To carry out this task, you can use the developer tools included in web browsers or go to the company that designed and programmed the web page.
b) Define a text of the purposes in a summarized way that will be included in the so-called “first layer”. The installation of this first layer requires computer and programming knowledge or the use of third-party tools, always bearing in mind that the user must be given the possibility of rejecting the installation of cookies, except for technical cookies that cannot be rejected…
In its guidelines on transparency, WG29 recommends the use of layered privacy statements or notices, that is, containing the information in layers, so that the user is allowed to go to those aspects of the statement or notice that are of interest. greater interest for him, thus avoiding information fatigue, and this without prejudice to the fact that all the information is available in a single place or in a complete document that can be easily accessed if the interested party wishes to consult it in its entirety.
In the first layer, which for greater clarity can be identified under a term of common use (such as, for example, “cookies”), the following information would be included:
b) Identification of the purposes of the cookies to be used.
c) Information on whether the cookies are their own (of the person responsible for the web page) or also of third parties associated with it, without it being necessary to identify the third parties in this first layer.
d) Generic information on the type of data that will be collected and used in the fact that user profiles are created (for example, when behavioural advertising cookies are used).
f) A clearly visible link directed to a second information layer in which more detailed information is included, using, for example, the term “Cookies”, “Cookies Policy” or “More information, click here”.
2.- WHAT ARE COOKIES?
A cookie is a file that is downloaded to your computer when you access certain web pages. Cookies allow a web page, among other things, to store and retrieve information about the browsing habits of a user or their equipment and, depending on the information they contain and the way in which they use their equipment, they can be used to recognize to user. Cookies are only associated with an anonymous user and her computer or device and do not provide references that allow her personal data to be known.
3.- TYPES OF COOKIES
3.1.- According to the entity that manages them
a.- Own Cookies: These are those that are sent to the user’s terminal equipment from a computer or domain managed by the editor itself and from which the service requested by the user is provided.
b.- Third-party cookies: These are those that are sent to the user’s terminal equipment from a computer or domain that is not managed by the editor, but by another entity that processes the data obtained through cookies.
3.2.- According to the purpose
a) Technical cookies: are those that allow the user to navigate through a web page, platform or application and the use of the different options or services that exist in it, including those that the editor uses to allow the management and operation of the website and enable its functions and services, such as, for example, control traffic and data communication, identify the session, access restricted access parts, remember the elements that make up an order, carry out the purchase process of a order, manage payment, control fraud linked to the security of the service, make the request for registration or participation in an event, count visits for the purposes of billing software licenses with which the service works (website, platform or application), use security elements during browsing, store content for the dissemination of videos or sound, enable dynamic content (for example, loading animation of a text or image) or share content through social networks.
Technical cookies will be exempt from compliance with the obligations established in article 22.2 of the LSSI when they allow the service requested by the user to be provided, as is the case with the cookies listed in the preceding paragraphs. However, if these cookies are also used for non-exempt purposes (for example, for behavioural advertising purposes), they will be subject to these obligations.
b) Cookies of preferences or personalization: they are those that allow remembering information so that the user accesses the service with certain characteristics that can differentiate their experience from that of other users, such as, for example, the language, the number of results to show when the user performs a search, the appearance or content of the service based on the type of browser through which the user accesses the service or the region from which the user accesses the service, etc.
If it is the user himself who chooses these characteristics (for example, if he selects the language of a website by clicking on the icon of the flag of the corresponding country), cookies will be exempt from the obligations of article 22.2 of the LSSI because they are considered a service expressly requested by the user, and this if the cookies are exclusively for the purpose selected.
c) Analysis or measurement of cookies are those that allow the person responsible for them to monitor and analyse the behaviour of the users of the websites to which they are linked, including the quantification of the impacts of the advertisements. The information collected through this type of cookie is used to measure the activity of the websites, application, or platform, to introduce improvements based on the analysis of the usage data made by the users of the service.
d) Behavioural advertising cookies are those that store information on the behaviour of users obtained through continuous observation of their browsing habits, which allows the development of a specific profile to display advertising based on it.
3.3.- According to the length of time they remain activated
a) Session cookies: are those designed to collect and store data while the user accesses a web page. They are usually used to store information that is only interesting to keep for the provision of the service requested by the user on a single occasion (for example, a list of products purchased) and they disappear when the session ends.
b) Persistent cookies: are those in which the data is still stored in the terminal and can be accessed and processed for a period defined by the person responsible for the cookie, and which can range from a few minutes to several years.