On November 4, 2024, the Data State Inspectorate (DVI) issued guidance on incorrectly created cookie banners.

What are the key points of the guidance?

The DVI emphasized that cookies that are not essential can only be collected with user consent. The DVI explained that cookie banners should be simple, without redundant or misleading information, and clear. The DVI noted that if only functional cookies (which do not require consent) are used, then a controller should provide a short description and acknowledgment button, like 'got it.' Whereas, if consent is requested for non-mandatory cookies such as statistical, customized content, or marketing cookies, the controller must give the data subject the option to agree or not.

Furthermore, the DVI provided practice examples of cookie banners, including providing clear choices, displaying the same language as the user chose to view the website without pre-selected options, and ensuring easy opt-out capabilities.

The DVI also warned against bad practices that mislead users or restrict access. These include banners lacking opt-out options, failing to provide adequate information about the processing of cookies, and using pre-checked boxes.

Consequently, the DVI encouraged website maintainers and owners to review their practices and familiarize themselves with the available DVI guidelines and seminars on cookie compliance.

You can read the press release, only available in Latvian, here.