Cookies and pixels under EU GDPR
Assign topic to the user
Are pixels and cookie IDs regarded as personal data?
I am assuming you are referring to Facebook pixels ID which is considered as an analytic cookie. If so, yes, analytic cookies are considered personal data, and they are ruled by the e-privacy directive (a new e-privacy regulation is under approval procedure between the EU Commission and the EU Parliament).
How can we cope with a deletion request if we cannot correlate a cookie ID with a specific person?
Usually, cookies deletion is managed by users’ browser and it is the user who can manage cookie deletion by its own browser.
Do we have to delete the cookie IDs after a specific period of time?
Yes, you should establish the data retention period in your data policy. Some cookies last one session, others 24 hours, and some last one year. On the market, there is plenty of tools that can help you to determine the period.
Do we require consent to place cookies?
It depends on the cookies. The e-privacy directive states that you need consent, except for strictly necessary cookies which are essential to browse the website and use its features, such as accessing secure areas of the site. You should, however, explain their existence and use, in the privacy notice.
Here you can find more information:
- EU GDPR vs. European data protection directive: https://advisera.com/eugdpracademy/blog/2017/10/30/eu-gdpr-vs-european-data-protection-directive/
- Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
- Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
You can consider enrolling in our free EU GDPR Foundations Course
EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Jul 29, 2020