At the end of 2021, the National Council of the Slovak Republic passed the new Electronic Communications Act[1], which, with effect from 01 February 2022, brings important changes regarding cookie settings and penalties for breaches of the Act.
The Office for Regulation of Electronic Communications and Postal Services will impose a fine from EUR 200 up to 10% of the turnover for the previous accounting period on businesses that have breached or failed to comply with any of the obligations under Section 109(8) of the Electronic Communications Act.
Under the new legislation, only the necessary (technical) cookies necessary for the functioning of the website may be processed without obtaining explicit consent. Particularly important in this respect is the change in the form of the required consent. Previously, the setting of a web browser or other computer program could also constitute consent.
How to set up the cookie consent form (pop-up window) correctly:
- if the cookie consent form contains an option to accept all cookies – it must also contain the same option to reject all cookies;
- the cookie consent form must not contain pre-checked options to accept individual types of cookies;
- the cookie consent form should not contain misleading colours;
- the option to accept cookies should not be more prominent than the option to reject them;
- the cookie consent form should provide a link to a website with information about cookies and about how consent to the processing of cookies can be withdrawn;
- users should be able to choose what types of cookies they consent to (e.g. analytical, marketing)
- the individual types of cookies should be properly categorised
It must be possible to visit the website without giving the aforementioned consent.
About cookies
Cookies are small text files that may be stored on your computer, tablet or mobile phone when you browse or are active on a website.
The individual types of cookies are responsible for the correct functioning of the website and can collect different information about visitors depending on the type of information processed, such as preferred font size, default language, completed login details, or the ads displayed, or even remember the contents of your shopping cart.
Simply put, by means of cookies, website operators can analyse the behaviour of website visitors, adapt to their activity and preferences, and thus simplify and improve the experience of visiting the website.
Cookies are divided according to their purpose as follows:
- Necessary (technical) cookies – responsible for the proper functioning of the website (e.g. default font size, remembering the contents of the shopping cart, etc.)
- functional and analytical cookies – responsible for collecting information about website traffic
- marketing cookies – responsible for collecting and evaluating information based on activity on the website, helping advertisers to deliver more relevant ads or limiting the number of times an ad is displayed.
According to their duration, cookies are divided into:
- session cookies – the files are deleted when the browser is closed
- persistent cookies – this category includes all cookies that remain on your hard drive until they are deleted or until the browser deletes them, depending on the cookie’s expiry date.
Legislation on cookies after 01 February 2022
According to Section 109(8) of the Electronic Communications Act, “anyone who stores or accesses information stored in the terminal equipment of a user shall be authorised to do so only if demonstrable consent has been granted by the user.(...) This shall not preclude the technical storage of, or access to, data the sole purpose of which is to transmit or facilitate the transmission of a message over a network, or where it is strictly necessary for an information society service provider to provide an information society service that is expressly requested by the user.”
Penalties for breaching the provisions on cookies
The new legislation also introduces relatively high penalties for breaching the provisions relating to cookie settings. The Office for the Regulation of Electronic Communications and Postal Services will impose a fine of between EUR 200 up to 10% of the turnover for the preceding accounting period on a legal entity or natural person-entrepreneur who has breached or failed to comply with any of the obligations under Section 109(8) of the Electronic Communications Act. For the purposes of this Act, turnover is understood to mean the sum of all sales, revenues or income from the sale of goods or services, excluding indirect taxes, to which financial assistance granted to the legal person or natural person-entrepreneur is added.
We hope you find the above information useful. If you are interested in additional details, please do not hesitate to contact us.
Nina Jamborová, Zuzana Krajčovičová
[1] Act No. 452/2021 Coll., on electronic communications