What is the Latvian DPA Cookie Guidelines and How Can You Comply with Them?
In this guide, we explore the Latvian DPA Cookie Consent Guidelines.
Latvian Data Protection Authority - DVI published its cookie guidelines in April 2022. The cookie guidelines were released following the cookie audit of websites of a number of merchants operating in Latvia, the result of which suggests that most of the websites are in violation of cookie laws in force in Latvia.
Cookie Audit carried out by DVI
The Latvian DPA sent warnings to these website owners in order to bring their websites into compliance with the GDPR and Information Society Services Act. The merchants were given until 11 April or 12 August to cure violations depending on the nature of violations.
Cookie Laws in Latvia
What are Latvian DPA Cookie Guidelines
Categories of Cookies according to their purposes
The Cookie Guidelines distinguish between 3 types of cookies based on their purposes. These are 1) technical cookies (also referred to as functional cookies), 2) personalized cookies, 3) analytical cookies.
Technical cookies are those without which the website cannot function. These cookies are used to operate and manage the website, which allow you to perform the functions of the website and provide the intended services, such as controlling traffic and communication, identifying the session, saving items into the shopping cart, completing the payment process, managing payment, detect and prevent fraudulent activity, count the number of uses for software licenses that allow you to use the service, etc. Without the use of technical cookies, a website or service may appear incomplete, both visually and technically. Technical cookies do not require consent under the Information Society Services Act.
On the other hand, personalized cookies and analytics cookies are optional cookies that help to customize the content of the website and to analyze users’ activities on the website. The use of personalized cookies allows the website to remember the language or visual layout. Under certain circumstances, these cookies may be used without consent. For example, if a user chooses the language of the website by clicking on the appropriate section of the website, you are no longer obliged to request consent for placing personalized cookies to save the language choice of the user.
Analytical cookies track the user's activities, obtaining statistics on his/her habits, length of stay on specific website links and how often the website is visited by that user. The use of these cookies require prior consent of the user.
What are the requirements of the Latvian DPA Cookie Guidelines?
In order to comply with the Latvian DPA Cookie Guidelines, you should satisfy the following requirements:
1. Provide clear and comprehensible information to the users
2. Use multi-layered approach
The Latvian Cookie Guidelines recommend using multi-layer cookie notifications. Instead of displaying all the information about cookies in one notification on the device screen, it should be divided into separate sections, avoiding information overload.
The first layer should be clearly visible to the user and should include information about the processing of users’ personal data and where/how users can find more detailed information about cookies.
The first layer of information should contain the following information:
- Identity of the website owner.
- The purposes for which the cookies placed on the website are used.
- Information whether only first-party cookies are used, or whether there are third-party cookies as well.
- General information on what data is collected when using analytics cookies
- The way users can accept, reject or customize cookies
If there is a section on the website that provides information about the identity of the website owner (i.e., About the Company) then it is not necessary to identify the website owner in the first layer. Additionally, if the identity of the controller can be clearly understood from the domain address (for example, the domain name is the same as the website owner's name/trademark by which it is known to the general public, or if such a name/trademark is clearly indicated on the website), identity is not required to be repealed in the first layer.
3. Keep the cookie notice until the user makes a decision
4. Consent must conform with GDPR standards
Consent provided by the website users must conform with GDPR standards of consent. In order for consent to be GDPR compliant it must be freely given, specific, informed and unambiguous indication of the wishes of the data subject.
5. Have both “Accept” and “Reject” options
6. Closing the banner cannot be considered consent
7. Do not rely on browser settings for consent
Relying on the user's browser settings as a method of obtaining consent is not considered to comply with the requirements of the General Data Protection Regulation. That is why it is not recommended to rely on browser settings as an indication of consent.
8. Consent must be demonstrable
If the processing is based on the data subject's consent, the website owner must be able to demonstrate that the data subject has given his/her consent to the processing operation.
9. Consent must be withdrawn easily
The user of the website can withdraw his/her consent at any time as easily as he/she has given it. To this end, the website must provide information on how to withdraw consent and remove cookies. For example, if consent is obtained with just one mouse click or keystroke, data subjects should be able to withdraw that consent just as easily.
10. Renew consent regularly
Model Cookies Policy
- Information on what cookies are
- Purposes of different types of cookies
- List of cookies used on the website
- Information on how a user can accept and reject cookies
- Information on how a user can withdraw consent
How to Obtain Valid GDPR Cookie Consent under the Latvian DPA’s Cookie Guidance
With Secure Privacy’s GDPR cookie banner, you can obtain valid cookie consent from users. Our solution helps you to ensure that:
- You do not bundle consents. Instead, Secure Privacy’s GDPR cookie banner ensures that consent is obtained for all purposes by allowing users to select the types of cookies to which they consent. See more about the GDPR cookie guidelines.
- You include an opt-in for every type of cookie on your website that is not pre-checked to show user consent.
- You provide information on how to withdraw consent for using cookies within your cookie notice and a mechanism to guarantee that your visitors re-affirm their consent after every six months.
- You record consents in a way that can show the visitors ability to withdraw.
- You include a link to the cookie notice to give users additional information, such as the third parties that will have access to their personal data in case they give consent to the installation of a third-party analytics cookie.
Latvian Data State Inspectorate official website
Latvian DSI Cookie Guidelines (available in Latvian)
Spanish AEPD Cookie Guidelines: The Ultimate Guide
French CNIL Consent Guidelines
The Dutch DPA's Cookie Consent Guidelines
Greek DPA Cookie Consent Guidelines
Luxembourg DPA Cookie Guidelines
The ultimate guide to GDPR Cookie Consent Compliance
Top GDPR-Compliant Analytics Tools: Safeguarding User Privacy in 2023
Learn about the complexities of using Google Analytics 4 in accordance with the EU's General Data Protection Regulation (GDPR). Explore the compliance issues, and steps to make GA4 GDPR compliant, and discover privacy-friendly alternatives that provide powerful website analytics while respecting user privacy and data protection laws.
- Europe GDPR
Understanding Compliance: Navigating CCPA Regulations with Google Analytics 4
Discover the compatibility of Google Analytics 4 with the California Consumer Privacy Act (CCPA). This article explores the CCPA compliance of GA4, outlines the obligations it imposes on businesses, and provides insights on how to handle CCPA requirements while using Google Analytics 4 for data collection and analysis. Learn about opt-out mechanisms, data retention periods, and consumer request obligations to ensure compliance with CCPA regulations.
10 Principles of PIPEDA Explained: A Comprehensive Guide to Privacy Compliance
Learn about the 10 principles of PIPEDA, the federal privacy law of Canada, and understand how to ensure privacy compliance for your organization. Discover key concepts such as accountability, consent, limiting collection, safeguards, and more. Get insights into the applicability of PIPEDA and how it compares to other data protection laws worldwide. Stay informed and protect personal data in accordance with Canadian privacy regulations.
- Canada PIPEDA