A cookie may be stored on the user's device permanently (stored cookie) or be deleted after the user leaves a service.
Cookies may be used for collecting, for example, the following data:
- the user's IP address
- pages visited
- browser type
- the web address from which the user came to the site
- the server from which the user came to the site
- the domain name from which the user came to the site.
Website users must be given clear and complete information on cookies and the storage and use of data concerning the use of the service. Service users must be asked for consent to save and use the data. Websites should present information and allow users to deny the storage of data in the most user-friendly manner possible.
Section 7 of the Act on the Protection of Privacy in Electronic Communications
Information on cookies does not have to be provided if:
- cookies are only used for enabling the technical transmission of messages;
- cookies are only used for making it easier to use the service;
- the user has requested a service based on cookies (e.g. online banking services).
A service provider must comply with the Act on the Provision of Information Society Services and the obligation to provide information as defined in the Act if:
- it stores cookies or other information on the use of the service on the user's terminal device;
- it uses the web service usage data.
If the obligation to provide information concerns, for example, the provider of services related to website usage statistics, the website service provider may ask for consent for processing the information.
The Act on the Provision of Information Society Services is applied to social networking and entertainment services on the internet.