The Guideline, aiming to ensure website operators’ compliance with the Law when using cookies, covers only the cookies used for processing personal data. In addition to websites, the Guideline is applicable to similar online applications connected to networks.
Definitions and types of cookies
In the Guideline, cookie is defined as “a type of text file placed on the user’s device by the website operators and is transferred as part of the HTTP (Hyper Text Transfer Protocol) query.” Another definition brought by the Guideline is as follows: “cookies are small sized rich text formats, which allow certain information about users to be stored on terminal devices when a web page is visited.”
The Guideline explains the types of cookies based on three main characteristics: (i) duration of the cookies; (ii) purpose of the cookies; and (iii) parties of the cookies. According to their duration, cookies are classified as session cookies and persistent cookies. As for their purpose, cookies are classified as strictly necessary, functional, performance-analytical and advertising/marketing cookies. According to their parties, cookies are divided into two categories as first-party and third-party cookies, depending on whether the cookie is placed by the website or the domain visited by the user.
Relationship between the ECL and the Law
As per the Guideline, the Law will be applicable to information society services as, unlike the EU Directive 2002/58/EC, this topic is not regulated under the ECL. In this context, the decision dated 27 February 2020 numbered 2020/173 is highlighted. Additionally, it is stated that the ECL may partially be applicable to the data controller operators.
In the Guideline, the Authority aims to guide website operators and those that process personal data through cookies to bring cookie practices in line with the legislation. Interested stakeholders may review this important Guideline and submit their opinions and suggestions to the Authority until 10 February 2022.