The Czech Republic is one of the many countries working to protect data privacy and consumer rights. Their Chamber of Deputies recently amended the ECA – or the Electronic Communications Act. This change allowed them to align their regulations with those outlined in the European Electronic Communications Code.
The Czech Republic will Implement Stricter Cookie Oversight in 2022
Cookies: The Basics
If you wish to understand the stricter rules that the Czech Republic will be implementing, it is essential to answer the following questions: what are cookies, and what do companies use them for?
‘Cookies’ is a term that refers to the scripts and text files that allow a website to operate. Cookies are stored on the user’s device as they browse the website to remember the items in their cart, improve load times, and more.
In other words, the cookies identify the user so that the site recognizes that it is the same person interacting with the site. Without cookies, the website would not remember that information each time the site reloads and would take away from the user experience.
Likewise, websites can use the information for marketing. Specifically, it allows companies to create targeted ads based on your browsing history and what users are most likely to be interested in. When brands have access to this type of data, they can maximize the effectiveness of online ads and reach the target viewer at the right time.
However, this practice raises many concerns about privacy and data security. That’s why so many countries are working to implement laws that require websites to obtain consent before storing cookies on user devices.
Understanding the Current Regulatory Environment
So, what does the current legal framework look like? As we mentioned, the stricter rules are going to be implemented through an amendment to the ECA – which means there is already a privacy law in place.
The ECA is based on the ePrivacy Directive in Europe, but it doesn’t explicitly apply to cookies. Instead, it addresses any tracker or similar technology that can be stored on a user’s device to read or collect information.
While cookies are the most common example of technology that falls into this category, it also includes tracking pixels, device fingerprints, web beacons, and more. These trackers can identify users by analyzing their operating system, language settings, screen resolution, and other key settings.
Per the ECA, any website owner or entity that manages a mobile app must inform users about their cookies. They must provide details about the scope and purpose of the data that is collected, as well as how it will be processed.
They also give users the option to opt-out of cookie processing and other similar tracking. That means the website will track and measure user behavior until they express their wish to opt out. In other words, if you don’t want to be tracked while you browse the web, then you need to change your browser settings and express your disagreement.
Changes in cookie consent to Expect in 2022
In 2009, regulators amended the language in the European ePrivacy Directive to shift away from the opt-out standard. Instead, they introduced a new obligation to obtain the user’s consent before using cookies and other tracking technologies.
The legislators in the Czech Republic are working to amend the ECA to better align with the European regulations. As such, the most significant changes to expect in 2022 relate to consent and the requirement to get permission before using website cookies.
Exceptions to the Consent Obligation
Although the line is not always clear between when cookies are needed and when they are no longer necessary, consider the fact that consent is required in most cases.
Quality of Consent
The consent obligation is not the only shift you should expect to see as we move into 2022. The GDPR also requires cookie consent to be of a certain quality. It needs to be voluntary and informed, which means the user has the real option to decline and that they completely understand the implications of their decision.
For example, a website should not block access to a page if the user does not provide consent for cookie tracking. If you think about it, the permission in this scenario is not voluntary – if the user doesn’t say yes, then they cannot access the information they need on the website.
How to Prepare for the Future
Now that you understand the current regulatory environment and the changes to expect in 2022, you might be wondering what you can do to prepare for the future.
Assess the Impact of These Changes on your Business
Start by analyzing your current processes and the tools you use on your website. Do you rely on cookies and similar technology for marketing purposes? Do you need them to keep your website operational and improve the user experience?
Once you understand the impact cookies have on your business – and how you use them – you can determine whether you need to ask for consent. If they meet the requirements for opt-in under the amended ECA, then you will need to modify cookie banners and existing tracking policies.
If your company transfers personal information to a country outside the EU or the European Economic Area, you will also need to review those practices. The Czech Data Protection Authority is looking at these issues with additional scrutiny to ensure that the processes comply with the ECA and GDPR.
You should also ensure that you have the appropriate storage period for every tracker and cookie used. While there are many tools available online to help with this, you must ensure the specific settings comply with the ECA.
Keep Future Changes in Mind
While this amendment allows the laws in the Czech Republic to align with European standards, there will be more changes to come. Eventually, the ePrivacy Regulation will replace the ePrivacy Directive and the applicable portions of the ECA.
Although the law was postponed on a few different occasions, you should prepare for it when it eventually gets approved. Until then, focus on following the amended ECA and existing GDPR guidance.