Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Czech Republic: New cookies and telemarketing regulation coming soon

Act No. 127/2005 Coll. Of 22 February 2005 on Electronic Communications and on Amendment to Certain Related Acts ('the Electronic Communications Act') regulates the use of cookies and telemarketing in the Czech Republic. This regulation will soon be amended as the Czech Parliament has introduced a conceptual change from an opt-out to opt-in regime regarding cookies and telemarketing. This change requires a new technical solution to be found and legal policies updated. Daniel Szpyrc, Jakub Kabát, and Tomáš Matějovský, from CMS Cameron McKenna Nabarro Olswang, advokáti, v.o.s., provide insight into the new legislation and how businesses can start preparing.

MF3d / Signature collection / istockphoto.com

Cookies

Websites and other platforms often use cookies and other tracking technologies, including pixel tags, web beacons, and fingerprinting. These allow information to be obtained concerning the end-users and their user experience on the website. They also help with security, web analytics, and statistics, such as measuring website traffic. In addition, tracking technology is vital for targeted marketing.

Currently, the use of tracking technologies is based on the opt-out regime whereby website owners can use this technology if they inform the end-users of it and offer them an opportunity to refuse such processing. Users can refuse that in the settings of their web browsers.

As of 1 January 2022, the conditions for using tracking technology will change to the opt-in regime. Tracking will be permitted only after receiving prior explicit consent from individual end-users. Website administrators must also keep records of this consent. However, technical cookies and similar technologies will be allowed without consent based on a legal exception.

Consent will be required even if no personal data is collected through cookies or similar technology, and must meet the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). It must be free, specific, informed, and expressed by an unambiguous expression of will. It is crucial to ensure that the end user will have an easy option not to grant consent. Hidden or complicated options how not to grant the consent will most likely represent a breach of legal regulations.

Practical tips

Use these new rules as an opportunity to carry out an internal audit of all used tracking technologies on your platforms. Determine the key tracking technology and delete unnecessary or unused technology. You might be surprised how many unused tracking systems are already implemented on your platforms.

Then categorise the key cookies or other technologies based on their purposes. You should also identify all entities that manage individual cookies and entities to whom personal data is transferred. It is crucial to ensure that these entities have been engaged in line with legal regulations. Further, you must ensure that personal data is transferred outside the European Economic Area in line with the GDPR.

The new law introduced a new requirement to obtain consent before using the tracking technology. Therefore, you should select the most appropriate technical solution for recording the consent.

Finally, prepare or update texts related to cookies, such as cookie policy or pop‑up banner. The new banner must contain a correct consent wording and provide end-users with transparent information. You can provide this information via a link to a more comprehensive privacy policy. The banner should also allow more precise setting of cookies and other tracking technology. Website users should be able to turn off specific cookies. We also strongly recommend implementing a button by which the user can simply refuse the use of cookies. This button could state 'only technical cookies' or similar wording suggesting that some cookies will still be used. You will then be able to use only technical cookies, which can be used without consent.

It is not just a theory  

The Office for Personal Data Protection ('UOOU') is continuously auditing whether websites observe the conditions for processing personal data. According to its annual report, the UOOU made eight inspections in 2020. These inspections focused mainly on media-significant websites and search engines, and dealt with the correct identification of the purpose and legal grounds for processing personal data when using cookies. The UOOU also audited whether the conditions for the transfer of personal data abroad are met.

Telemarketing

Other legislative change concerns telemarketing. When marketing products or services, companies can currently only use those phone numbers published in public registers which do not contain a specific note that the users do not wish to be contacted for marketing purposes. So, phone number owners must actively express their disagreement with telemarketing.

This will change as telemarketing will be allowed only on phone numbers published in public registers with a note that the owners wish to be contacted for marketing purposes. If the user numbers are not in the subscriber list, it will not be possible to contact them. Those who breach telemarketing restrictions face a fine up to CZK 50 million (approx. €1,958,000) or up to 10% of the net turnover for the previous financial year.

Closing remarks

To conclude, the Czech Republic faces important changes. Privacy protection will be strengthened, and people will be better protected from unsolicited telemarketing. Using cookies and other tracking technology will require an explicit GDPR-compliant consent to be obtained from the end-users. These changes are certainly a step in the right direction towards the better protection of our privacy.

Tomáš Matějovský Partner
[email protected]
Daniel Szpyrc Associate
[email protected]
Jakub Kabát Associate
[email protected]
CMS Cameron McKenna Nabarro Olswang, advokáti, v.o.s., Prague