Greece: New requirements for using website cookies

Blog
The Greek Data Protection Authority is following fellow European DPA’s and tightens the requirements for using cookies on websites. New rules will impact a majority of Greek businesses.
Table of Contents

Hellenic data protection authority publishes new cookie guidelines

On February 25th, 2020, the Hellenic Data Protection Authority (HDPA) published a new set of guidelines on cookies and similar tracking technologies, thereby tightening the requirements for data processing as specified in the ePrivacy Directive and the General Data Protection Regulation (GDPR).
The new requirements emphasize:
  • Website visitors must give consent before cookies, and other trackers are placed (including marketing and statistical cookies).
  • Users must be thoroughly informed about the use of trackers in a cookie pop-up and in a cookie policy.
  • Not allowing visitors to use the website without having given consent is considered bad practice*
*Websites may not use the ‘data for access’ method (cookie walls) and may not provide the user with no option for declining/rejecting cookies and trackers.
The HDPA has given data controllers (website owners and publishers) a two-month grace period to make arrangements for cookie compliance.

Privacy on the rise in Europe

European data protection is only moving in one direction: a direction in which existing rules and requirements are clarified and updated guidelines to cookies and data processing are published almost by the hour.
Most recently, The Danish Data Protection Authority (Datatilsynet) released what seems to be the strictest interpretation of the GDPR when it comes to cookies and data processing.
The Danish DPA requires that all websites must:
  • Present visitors with an option to decline cookies on the consent pop-up’s primary page*
  • Obtain valid consent before placing any cookies or trackers on the user’s device**
  • Inform visitors more thoroughly about data controllers and data processors (in the cookie banner).***
*the possibility to decline cookies can no longer be placed ‘one-click-away,’ e.g. in cookie settings.
**except technically necessary cookies (not Google Analytics here).
*** It’s not enough to refer to Doubleclick as a data processor and the owner of Doubleclick, the more well-known Google.
The Danish DPA has not given any grace period and expects websites to comply with the new requirements.

Cookie compliance made easy

Are you looking to meet the requirements outlined by European Data Protection Authorities for using cookies on your website?
Look no further. Cookie Information offers a leading European Consent Management Platform where you can comply with the ePrivacy Directive (the ‘cookie law’), the GDPR, and the requirements of your national Data Protection Authority.
or
get an assessment of your business' cookie compliance right here [completely free].