Udělení souhlasu při použití cookies
In January 2022 the Czech Republic has amended its law in order to implement the requirements stipulated in the Privacy and Electronic Communications Directive 2002/58/EC. In 2002 the “ePrivacy” Directive originally prescribed an opt-out system with regards to storing and accessing data within an end user’s device, irrespective of whether these concern personal data or not. This means it was allowed to store and access data, most commonly done by placing and reading cookies unless the user opts to refuse this. However, in 2009 that Directive was amended requiring an opt-in consent (with the exception of technical or functional cookies). For a very long time, the Czech legislation did not reflect that latest requirement.
Electronic Communications Act (zákona o elektronických komunikacích)
With the approval in 2021 of the amendment to the Electronic Communications Act (zákona o elektronických komunikacích), any ambiguities are removed with effect from 1 January 2022; Website administrators may store or collect (personal) data of visitors to their website only with their provable consent (opt-in principle). Visitors must be able to simply refuse or revoke the consent and must be provided with accurate and complete information in a clear and comprehensible manner on all relevant issues, such as the purposes of the processing, the expiration of the cookies, the recipients to whom the data may be transferred or the data subject’s rights.
According to the Czech Office for Personal Data protection (ÚOOÚ), it is appropriate, for better clarity, to provide the information in several layers, which will allow data subjects to decide whether to read a brief or more detailed wording of the information. A list of individual cookies, including their purpose, can definitely be recommended. The location of this information needs to be considered with regard to the number of cookies so that the information provided is clear and at the same time easily accessible. Thus, the information can be provided after clicking on “more information” or there can be a link to a document or page containing information about cookies. Consent should also be structured and granted for each of the intended purposes.
Failure to comply with the new rules is subject to penalties under the GDPR, potentially up to EUR 20,000,000 or 4% of the company’s total worldwide annual turnover (whichever is
higher). Complianz has been designed specifically for use by website administrators and Agencies in the Czech Republic, to help them comply with the GDPR, the ePrivacy Directive and the zákona o elektronických komunikacích.
