12 Nov Cookies: how to inform the user
Autor: Francisco Moreno (Abogado, Socio fundador)
Certain cookies may involve the processing of personal data. Already recital 30 of the RGPD stated that ‘natural persons can be associated with online identifiers provided by their devices, applications, tools and protocols, such as Internet protocol addresses, session identifiers in the form of “cookies” or other identifiers, such as radio frequency identification tags’.
The starting rule is article 22.2 of Law 34/2002, on information society services and electronic commerce (the “LSSICE”). This provision allows the use of data storage and retrieval devices (cookies), provided that the recipient of the terminal equipment has given its informed consent in accordance with data protection regulations.
The Guide to the AEPD also contains important clarifications regarding consent, an issue that, due to its length, we will address in this blog in a later post.