What Are the Latvian DPA Cookie Guidelines and How Can You Comply with Them?
In this guide, we explore the Latvian DPA Cookie Consent Guidelines.
The Latvian Data Protection Authority (DVI) published its cookie guidelines in April 2022. The guidelines were released following a cookie audit of the websites of a number of merchants operating in Latvia, the results of which suggest that most of the websites violate the cookie laws in force in Latvia.
Cookie Audit carried out by DVI
The Latvian DPA sent warnings to these website owners in order to bring their websites into compliance with the GDPR and the Information Society Services Act. The merchants were given until 11 April or 12 August to cure the violations, depending on their nature.
Cookie Laws in Latvia
What Are the Latvian DPA Cookie Guidelines?
Categories of Cookies according to their purposes
The Cookie Guidelines distinguish between 3 types of cookies based on their purposes. These are 1) technical cookies (also referred to as functional cookies), 2) personalized cookies, and 3) analytical cookies.
Technical cookies are those without which the website cannot function. These cookies are used to operate and manage the website. They allow you to perform the functions of the website and provide the intended services, such as controlling traffic and communication, identifying the session, saving items into the shopping cart, completing the payment process, managing payment, detecting and preventing fraudulent activity, counting the number of uses for software licenses that allow you to use the service, etc. Without the use of technical cookies, a website or service may appear incomplete, both visually and technically. Technical cookies do not require consent under the Information Society Services Act.
On the other hand, personalized cookies and analytics cookies are optional cookies that help to customize the content of the website and to analyze users’ activities on the website. The use of personalized cookies allows the website to remember the language or visual layout. Under certain circumstances, these cookies may be used without consent. For example, if a user chooses the language of the website by clicking on the appropriate section of the website, you are no longer obliged to request consent for placing personalized cookies to save the language choice of the user.
Analytical cookies track the user's activities, obtaining statistics on his/her habits, length of stay on specific website links and how often the website is visited by that user. The use of these cookies requires the prior consent of the user.
What are the requirements of the Latvian DPA Cookie Guidelines?
In order to comply with the Latvian DPA Cookie Guidelines, you should satisfy the following requirements:
1. Provide clear and comprehensible information to the users
2. Use a multi-layered approach
The Latvian Cookie Guidelines recommend using multi-layer cookie notifications. Instead of displaying all the information about cookies in one notification on the device screen, it should be divided into separate sections, avoiding information overload.
The first layer should be clearly visible to the user and should include information about the processing of users’ personal data and where/how users can find more detailed information about cookies.
The first layer of information should contain the following information:
- Identity of the website owner.
- The purposes for which the cookies placed on the website are used.
- Information whether only first-party cookies are used, or whether there are third-party cookies as well.
- General information on what data is collected when using analytics cookies.
- The way users can accept, reject or customize cookies.
If there is a section on the website that provides information about the identity of the website owner (e.g., About the Company), then it is not necessary to identify the website owner in the first layer. Additionally, if the identity of the controller can be clearly understood from the domain address (for example, the domain name is the same as the website owner's name/trademark by which it is known to the general public, or if such a name/trademark is clearly indicated on the website), the identity is not required to be repeated in the first layer.
3. Keep the cookie notice until the user makes a decision
4. Consent must conform with GDPR standards
Consent provided by the website users must conform with GDPR standards of consent. In order for consent to be GDPR compliant, it must be a freely given, specific, informed and unambiguous indication of the wishes of the data subject.
5. Have both “Accept” and “Reject” options
6. Closing the banner cannot be considered consent
7. Do not rely on browser settings for consent
Relying on the user's browser settings as a method of obtaining consent is not considered to comply with the requirements of the General Data Protection Regulation. That is why it is not recommended to rely on browser settings as an indication of consent.
8. Consent must be demonstrable
If the processing is based on the data subject's consent, the website owner must be able to demonstrate that the data subject has given his/her consent to the processing operation.
9. Consent must be withdrawn easily
The user of the website can withdraw his/her consent at any time as easily as he/she has given it. To this end, the website must provide information on how to withdraw consent and remove cookies. For example, if consent is obtained with just one mouse click or keystroke, data subjects should be able to withdraw that consent just as easily.
10. Renew consent regularly
Model Cookies Policy
- Information on what cookies are
- Purposes of different types of cookies
- List of cookies used on the website
- Information on how a user can accept and reject cookies
- Information on how a user can withdraw consent
How to Obtain Valid GDPR Cookie Consent under the Latvian DPA’s Cookie Guidance
With Secure Privacy’s GDPR cookie banner, you can obtain valid cookie consent from users. Our solution helps you to ensure that:
- You do not bundle consents. Instead, Secure Privacy’s GDPR cookie banner ensures that consent is obtained for all purposes by allowing users to select the types of cookies to which they consent. See more about the GDPR cookie guidelines.
- You include an opt-in for every type of cookie on your website that is not pre-checked to show user consent.
- You provide information on how to withdraw consent for using cookies within your cookie notice and a mechanism to guarantee that your visitors re-affirm their consent every six months.
- You record consents in a way that can show the visitor's ability to withdraw.
- You include a link to the cookie notice to give users additional information, such as the third parties that will have access to their personal data in case they give consent to the installation of a third-party analytics cookie.
Latvian DVI Cookie Guidelines (available in Latvian)