Cookies, which are typically unique, anonymized bits of information used in the operation of a website, are used to process visitors’ personal data in the vast majority of cases. As such, cookies must comply with the European General Data Protection Regulation (GDPR) and the practices and expectations of the National Authority for Data Protection and Freedom of Information (NAIH) in relation to cookies and their use.
It is also often the case that individual cookies are incorrectly categorized (for example: cookies that require consent are indicated as essential cookies) or that the website operator requires the visitor to accept all cookies at once without consideration to the nature of the cookies.
However, within the EU, the practice of data protection authorities of different member states on cookie-related data processing is still evolving and different opinions on data protection implications of cookie use may be adopted by authorities in different countries. Bearing this in mind, the decisions of the various European data protection authorities related to cookies do not always correspond, or in many cases reflect the position of the given authority on specific sub-issues. In this context, it is particularly important for website operators using cookies to consult with data protection experts before using cookies and to review the cookie practices applied with respect to the website from time to time.