The Czech Republic is one of the many countries working to protect data privacy and consumer rights. Their Chamber of Deputies recently amended the ECA – or the Electronic Communications Act. This change allowed them to align their regulations with those outlined in the European Electronic Communications Code.
This alignment isn’t the only reason for the regulatory change, though. The amendment will also facilitate a shift towards an opt-in requirement – which requires data controllers to obtain consent rather than providing an opt-out solution. It also expands the scope to cover anyone that manages a website that uses cookies and other trackers.
The Czech Republic will Implement Stricter Cookie Oversight in 2022
Cookies: The Basics
If you wish to understand the stricter rules that the Czech Republic will be implementing, it is essential to answer the following questions: what are cookies, and what do companies use them for?
‘Cookies’ is a term that refers to the scripts and text files that allow a website to operate. Cookies are stored on the user’s device as they browse the website to remember the items in their cart, improve load times, and more.
In other words, the cookies identify the user so that the site recognizes that it is the same person interacting with the site. Without cookies, the website would not remember that information each time the site reloads and would take away from the user experience.
Did you know that websites can also use cookies for analytical and statistical purposes? By downloading them to your device, companies can measure website traffic, track what users do on each page, and better understand their site performance.
Likewise, websites can use the information for marketing. Specifically, it allows companies to create targeted ads based on your browsing history and what users are most likely to be interested in. When brands have access to this type of data, they can maximize the effectiveness of online ads and reach the target viewer at the right time.
However, this practice raises many concerns about privacy and data security. That’s why so many countries are working to implement laws that require websites to obtain consent before storing cookies on user devices.
Cookie Consent Manager | Take a 2 week free trial
Take a 2 week free trial for our paid plans or create a free account …
Understanding the Current Regulatory Environment
So, what does the current legal framework look like? As we mentioned, the stricter rules are going to be implemented through an amendment to the ECA – which means there is already a privacy law in place.
The ECA is based on the ePrivacy Directive in Europe, but it doesn’t explicitly apply to cookies. Instead, it addresses any tracker or similar technology that can be stored on a user’s device to read or collect information.
While cookies are the most common example of technology that falls into this category, it also includes tracking pixels, device fingerprints, web beacons, and more. These trackers can identify users by analyzing their operating system, language settings, screen resolution, and other key settings.
Per the ECA, any website owner or entity that manages a mobile app must inform users about their cookies. They must provide details about the scope and purpose of the data that is collected, as well as how it will be processed.
To comply, most companies in the Czech Republic use cookie banners to display this information on the header or footer of the website. Sometimes they will also have a cookie policy on a separate page that includes additional details.
They also give users the option to opt-out of cookie processing and other similar tracking. That means the website will track and measure user behavior until they express their wish to opt out. In other words, if you don’t want to be tracked while you browse the web, then you need to change your browser settings and express your disagreement.
Changes in cookie consent to Expect in 2022
In 2009, regulators amended the language in the European ePrivacy Directive to shift away from the opt-out standard. Instead, they introduced a new obligation to obtain the user’s consent before using cookies and other tracking technologies.
Consent Obligation
The legislators in the Czech Republic are working to amend the ECA to better align with the European regulations. As such, the most significant changes to expect in 2022 relate to consent and the requirement to get permission before using website cookies.
Not only must website and mobile app operators get consent before they use cookies or other trackers, but they must also retain evidence to prove that they got permission. The consent should include an understanding of the scope and purpose of the data that will be collected and processed.
Unlike the opt-out regime of the past, this update requires data controllers to get active consent first. Simply put, you can’t use cookies until the user gives their consent!
Exceptions to the Consent Obligation
There are some exceptions to the need for prior consent when using cookies, but they are very specific. You do not need to get consent if you need to use cookies for technical storage or facilitate a service that the user explicitly requested.
Although the line is not always clear between when cookies are needed and when they are no longer necessary, consider the fact that consent is required in most cases.
Quality of Consent
The consent obligation is not the only shift you should expect to see as we move into 2022. The GDPR also requires cookie consent to be of a certain quality. It needs to be voluntary and informed, which means the user has the real option to decline and that they completely understand the implications of their decision.
For example, a website should not block access to a page if the user does not provide consent for cookie tracking. If you think about it, the permission in this scenario is not voluntary – if the user doesn’t say yes, then they cannot access the information they need on the website.
Likewise, if a user gives consent but your website did not provide any information about what data is collected – and for what purpose – then the permission is not informed. In other words, before a user can give informed consent, they need to be given access to your cookie policy that clearly defines the intent of the trackers.
Simply providing a banner with a check box that states ‘I agree to the use of cookies’ is no longer sufficient. It should also be just as easy for a user to revoke their consent as it is to provide it!
Are your an agency, webdesigner or another reseller?
Earn 30% commission, take a look at our reseller model or contact us for numbers larger than 500 clients
How to Prepare for the Future
Now that you understand the current regulatory environment and the changes to expect in 2022, you might be wondering what you can do to prepare for the future.
The amendment to the ECA will take effect in 2022 – as soon as the President signs it – so you must take the necessary steps to adjust your website and cookie policies right away. Simply put, if you operate a mobile app or website that uses cookies or other trackers for marketing and analysis, then you will be impacted.
Assess the Impact of These Changes on your Business
Start by analyzing your current processes and the tools you use on your website. Do you rely on cookies and similar technology for marketing purposes? Do you need them to keep your website operational and improve the user experience?
Once you understand the impact cookies have on your business – and how you use them – you can determine whether you need to ask for consent. If they meet the requirements for opt-in under the amended ECA, then you will need to modify cookie banners and existing tracking policies.
If your company transfers personal information to a country outside the EU or the European Economic Area, you will also need to review those practices. The Czech Data Protection Authority is looking at these issues with additional scrutiny to ensure that the processes comply with the ECA and GDPR.
Create a Compliant Cookie Policy
Another step you should take is to create a cookie policy. It needs to clearly describe what the cookies are used for, how they can revoke their consent and other relevant information needed per the GDPR. Similarly, users should be able to access it easily whenever they wish to review it.
You should also ensure that you have the appropriate storage period for every tracker and cookie used. While there are many tools available online to help with this, you must ensure the specific settings comply with the ECA.
Keep Future Changes in Mind
While this amendment allows the laws in the Czech Republic to align with European standards, there will be more changes to come. Eventually, the ePrivacy Regulation will replace the ePrivacy Directive and the applicable portions of the ECA.
Although the law was postponed on a few different occasions, you should prepare for it when it eventually gets approved. Until then, focus on following the amended ECA and existing GDPR guidance.