Latvian Guide on the use of Cookies

  1. Personalized Cookies: These are optional cookies that are also referred to as visitor settings cookies. Personalized cookies allow websites to remember user preferences. Examples of such user preferences include: the language chosen, the number of search results requested, the aspect of the service or content depending on the browser and its availability in the particular registration, etc; The user’s consent is not required for the use of such cookies.
  2. Analytical Cookies: These are optional cookies used by advertisers that allow websites to track and analyse the user’s browsing habits. Such cookies also allow advertisers to customize ads according to the user’s interests. Cookies that allow statistical information in relation to website visitors are also considered analytical cookies. The user’s consent is required for the use of such cookies.
  • Valid Consent
  • Consent must be given by a clearly affirmative action as per Article 4(11) of the GDPR. This implies a freely given, specific, informed and unambiguous indication of the data subject’s consent to the processing of personal data relating to them, for example by written, including by means of an electric, or oral statement. The DVI clarifies that any such cookie consent choice must not adversely affect the user and the choice must not affect the quality of the service received. This means the use of cookie walls is prohibited.
  • Consent of Underage Persons
  • ​​If the website user is under 13 years of age, the processing of personal data within the scope of public service will be lawful if the consent has been provided by the legal guardian. The data controller must make reasonable efforts to verify in such cases whether consent has been given or approved by a person who is a parent or legal guardian. Moreover, controllers are asked to refrain from profiling children for marketing purposes as children represent a vulnerable group of society and can be easily affected by behavioral advertising.
  • Ability to Withdraw Consent
  • Data controllers must allow users to withdraw their consent at any time to the processing of cookies via a user-friendly and easy method. To this end, the website must provide information to users on how to withdraw consent and remove cookies.
  • Proof of Consent
  • Where the processing is based on the consent of the data subject, data controllers must be able to provide, at any time, the proof of valid collection of users’ consent. Such consent records will help organizations demonstrate compliance with the applicable legal requirements.
  • Renewal of Consent
  • Consent to cookies is valid until the purpose of the processing of personal data is achieved. If the purpose of the processing of personal data has been achieved or changed, then the data controller must request consent to the use of cookies on the website again.
  • Consent Management Tools
  • The DVI provides a non-exhaustive list of tools used for obtaining the user’s consent.
  1. Many websites and smartphone programs allow users to set service menus, for example, users can be asked to allow access to information on their smartphone. In this process, users can set their consent to cookies through the settings of an integrated user.
  2. Consent before Downloads of Featured Service or Applications
  3. Users should be duly informed that a request for download of a service or application in question requires their consent for the use of certain cookies for a specific purpose. Users should be informed if the processing of these cookies is provided by a third party and must be informed of the purposes of such third-party cookies to make an informed decision.
  4. Consent Management Platforms
  5. If the data controller is unable to provide sufficient information on the purpose of using third-party cookies, information may be provided including a link to a third-party website. In this case, the solution may have consent management platforms (CMPs) that meet the requirements of GDPR.
  • As a general rule, obtaining the user’s consent via the user’s browser settings is not permitted. However, in order for the user browser settings to constitute a valid. This is because of the reason that an average user is not always aware of how to use their browser settings to reject cookies even if the information is included in the privacy policy. The DVI emphasizes that assuming user’s consent by its browser settings would mean that the users would accept data processing without possibly knowing the purposes of cookies. Therefore, such consent is not valid.
  • Compliant Cookie Banner
  • Data controllers must provide clear, concise, simple, perceptible, and comprehensive information to the users about the use of cookies. This must include information on the purpose of using cookies including essential/technical cookies, communicated to users in a transparent manner before the processing of cookies.

Multi-layered Approach to Ensure Transparency

Controllers may use a multi-layered approach to ensure transparency. Multi-layer cookie notifications can help address the issue of overloading of information by allowing users to switch directly to the section of the notification they want to read. The layers should contain the following:

Cookies

We use our own and third-party cookies to store your shopping history and use information about your previously purchased products to advise you on other products that we believe will be of interest to you. To learn more about our cookie policy, please click on the “More information” button.

Agree and Disagree Buttons

In order to ensure that the cookie banner complies with the applicable legal requirements, data controllers must give equal prominence to “Agree”, “Disagree” and “More Information” buttons on the cookie consent banner. This means that these buttons should be in the same font and color fill, without any accents.

  • In order to be compliant with the principle of transparency, the terms and conditions included in the cookie policy developed by the data controller should contain information about the planned processing of personal data by using cookies. This should include information on categories of cookies:
  • According to their management structure;
  • According to the purpose of processing thereof;
  • According to their shelf life.
  • This obligation requires data controllers to outline such information in an intelligible manner and appropriate language for the users before they are offered the opportunity to consent or refuse consent. The DVI has also provided a model cookie policy on their website for further clarification.
  • Cookie Lifespans
  • Subject to the principles of minimization and retention restrictions, cookies cannot be stored longer than necessary to achieve the purpose.
  • Impact Assessment before the use of cookies
  • The Data State Inspectorate has published a list of processing operations for which the performance of a data protection impact assessment is mandatory. The list contains processing operations that include systematic monitoring, tracking or surveillance of the location or behavior of individuals, as well as large-scale profiling of individuals. Consequently, the DVI encourages careful consideration of the performance of the data protection impact assessment if the website offers content that could be attributed to sensitive personal data (e.g. dating network website, or a website providing information health services), or which the client could consider to be specially protected (for example, the main activity of the website is related to a financial service). This is also recommended in cases where a result of an analysis carried out by the controller, concludes that the processing may pose a high risk to the rights and freedoms of the data subject.

How Securiti can help?

Securiti’s Cookie Consent Banner Solution enables companies to build cookie consent banners in accordance with the applicable legal requirements. It can help you comply with the Latvian Guidance on the use of cookies with the help of the following features:

  • Configurable preference center
  • Auto-blocking of non-essential cookies
  • Dynamic consent refresh
  • Granular consent records and reporting

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store