• Arts
  • Language Services
  • Furniture
  • Educational Services
  • Private Equity
  • Event Management
  • Nonprofit / Foundation
  • Manufacturing
  • Information Technology
  • Human Resources
  • Hotels and Restaurants
  • Health Care & Pharmaceuticals
  • Media - Broadcast and Publishing
  • Engineering / Construction
  • Food Products, Beverages and Tobacco
  • Petroleum Industry
  • Wholesale and Retail Trade
  • Travel and Leisure
  • Transporting, Moving and Warehousing
  • Telecommunications
  • Security Services
  • Real Estate
  • Marketing and Public Relations
  • Energy
  • Finance
  • Consumer Goods
  • Law Companies
  • Consultancy
  • Architecture
  • Airlines


The Office for Personal Data Protection has updated the guidelines and rules for cookies and cookie bars

Company: Amcham

Technical cookies

At first, according to the Office, it is important to distinguish whether personal data is processed via "technical cookies" or "non-technical cookies". If the website only uses technical cookies that are necessary for its own operation, there is no need to use a cookie bar, however, the website users have to be informed of this fact (including a recommended list of cookies used and their purpose). If there is related processing of personal data, such information must also comply with the requirements of the GDPR.

Consent with use of non-technical cookies / cookie bar

A cookie bar is required for all other non-technical cookies. The cookie bar must meet certain requirements to ensure that the visitor to the website is not influenced in its choice of whether to give or not to give a consent. The buttons to agree or disagree with non-technical cookies should therefore be placed in the same layer of the cookie bar, ideally in the first layer. At the same time, the buttons should also be of comparable visual design, i.e. they should not be of a different colour or size.

The cookie bar itself should be of an appropriate design so that it does not hinder the readability and accessibility of the website content, i.e., it must not prevent interaction with the website even if the user has not chosen any of the options regarding consent with use of cookies. If the bar is placed in the middle of a website page, it should include the option to close the bar without selecting a specific choice. Non-technical cookies can only be activated after consent has been given. If consent is not given or if no option is selected by the user, the operator is obliged to leave non-technical cookies deactivated.

While it is always necessary to obtain the user's consent before using non-technical cookies, it is not excluded that the related processing of personal data may be based on other grounds, such as the legitimate interests of the controller (typically in case of analytical and statistical cookies). However, if such processing should be based on consent, it is necessary that the consent obtained through the cookie bar meets the GDPR requirements for specific, free, informed and unambiguous consent.

Recommended period of validity of the consent

The Office generally considers 12 months to be a reasonable period for which the consent to the use of cookies should be granted. If the user has refused to give consent, consent should not be required again for at least 6 months from the last time the cookie bar was displayed, although this period may be reduced in particular in the event of significant changes in processing or if the website operator is unable to keep track of previous consent/dis-consent.

For more information, please contact:


Tags: Law | IT |

AmCham Corporate Patrons



Are you sure? Do you really want to delete this item?