Legal Framework for Cookie Usage in Estonia
In Estonia, the use of cookies is primarily governed by § 105 (1) of the Electronic Communications Act (ESS), which transposes the EU ePrivacy Directive. Furthermore, when cookies collect personal data, the General Data Protection Regulation (GDPR) applies in full force.
Principles of Consent
The fundamental rule is that storing or accessing information on a user's device is only permitted if the user has provided informed and clear consent. An exception exists for strictly necessary cookies, which are essential for the provision of a service requested by the user (e.g., shopping cart functionality).
- Prior Consent: Consent must be obtained before any non-essential cookies are placed.
- Voluntariness: Users must be able to refuse consent without suffering a significant degradation in service quality.
- Withdrawal: Withdrawing consent must be as easy as giving it.
Transparency and Notification
Website owners are obligated to inform users about the purposes of the cookies, their duration, and any third parties involved. This information must be clearly accessible in a Privacy Policy or a dedicated cookie notice. It is crucial to note that pre-ticked boxes do not constitute valid consent under the GDPR.
Supervision and Liability
The Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) is the supervisory authority. Failure to comply with these requirements can lead to significant administrative fines. Website owners are responsible for ensuring that their Consent Management Platform (CMP) is technically sound and legally compliant.
Do you need assistance in ensuring your website meets current legal standards? Our advanced legal AI assistant at Legal Aid 24 is ready to analyze your specific situation and provide tailored guidance. Contact us today to ensure your business remains legally secure!