Belgian Privacy Commission Provides Guidance on the Use of Cookies and Compliance with the Data Protection Act

The Belgian Privacy Commission recently issued a guidance document on the use of cookies and similar technology.

The document contains an extensive analysis of the applicable statutory framework and compliance with the principles of the Data Protection Act when using cookies.

Cookie policy
In general, the Privacy Commission stresses the importance of providing clear and sufficient information on the use of cookies by means of a cookie policy. The cookie policy should be easily accessible from the home page and made available to visitors before cookies are placed.

The Privacy Commission extensively addresses the issue of consent and indicates per type of cookie whether consent should be obtained.

It also provides guidance on how consent may be obtained. Pop-ups are to be avoided. Instead, it is recommended to use, for example, banners or tick boxes on subscription pages.

Concrete recommendations
The document contains specific recommendations to all parties involved in the setting-up and operation of websites, i.e. website owners, visitors, editors, administrators, hosts and advertisers. Selected recommendations are given below.

Website owners are recommended to:

  • provide instructions to website editors and administrators by means of agreements, security policies or other appropriate documentation;
  • make a cookie policy available on the website;
  • enter into an agreement with advertisers containing appropriate data protection provisions before making advertising space available on the website.

Website editors are recommended to:

  • consult with the website owner on the use of cookies and the cookie policy;
  • develop the software/website in such a way that cookies requiring consent are not placed before consent has been obtained;
  • develop the software/website in such a way that personal data are accessible only to authorised persons.

It should be noted that not all recommendations are easy to implement in practice. Nevertheless, the document provides useful guidance for all parties involved on how to ensure compliance when using cookies.