Products
By Use Cases By Roles
Data Command Center
View
Learn more

AI Security & Governance

Discover, assess, and safeguard AI usage

Learn more

Asset and Data Discovery

Discover dark and native data assets

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Prevent sensitive data sprawl through real-time streaming platforms

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Security Posture Management

Secure sensitive data in hybrid multicloud and SaaS environments

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Data Catalog

Automatically catalog datasets and enable users to find, understand, trust and access data

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle

Learn more

Compliance Management

Automate Compliance with Global AI and Data Frameworks using Common Controls and Tests
Data Controls Orchestrator
View
Data Command Center
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

AI Security & Governance

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

AI Security & Governance

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View

AI Security & Governance

View

Compliance Management

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Databricks

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

CPRA
California Privacy Rights Act

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA Compliance Solution

View

Brazil's LGPD

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

Austrian DPA Cookie FAQs

Published June 18, 2022 / Updated January 25, 2024

The use of cookies can be a tricky subject for websites given the rapid rise in data protection laws and compliance actions from various data protection regulatory authorities all around the world.

On 20 Dec 2023, the Austrian Data Protection Authority (DSB) released a set of Frequently Asked Questions about cookies and data protection outlining the requirements for the use of cookies on websites.

Let’s look into the key points highlighted by the Austrian DSB:

1. What is the legal framework for cookies?

Article 5(3) of the e-Privacy Directive which is implemented at the national level in Section 165(3) of the Austrian Telecommunication Act 2021 requires prior consent for the use of all technical unnecessary cookies.
Section 165(3) applies to not just cookies but also similar tracking technologies that access data from end users’ devices.

2. Are cookies personal data?

Cookies are qualified as personal data where they can identify individuals.
Cookies may contain universally unique identifiers (UUID) that are used to mark user devices. These identifiers contribute to the classification of cookies as personal data when they have the potential to identify specific individuals.

3. Which cookies are technically necessary?

The type of cookie that is essential for the proper functioning of a website or for providing an information society service expressly requested by the user.
Services for which technical cookies can be set includes:
- Necessary session management (e.g. cookies saving shopping cart information or login status);
- Entries in an online form if an entry on several subpages of a website is necessary to submit the form;
- Information about the consent status, unless a clear online identifier is assigned for this.

4. Does your website need a cookie consent banner?

A cookie banner is a window that appears on a website when a visitor visits the site for the first time.
Its function is to obtain the user’s consent for the use of cookies.
Such consent from website visitors is only required if the website uses "technically unnecessary" cookies. If the website doesn't use any of these cookies, there is no need for consent, and consequently, no cookie banner is necessary.

5. How must a cookie banner be designed?

Ensure no technically unnecessary cookies are dropped on the website before obtaining the user’s consent.
Browsing the website without any interaction with the consent banner or accidentally selecting a “hidden consent button” does not constitute a valid consent;
Consent can not be assumed merely because a data subject generally sets their browser settings allowing cookies to be set or read.
Pre-selected checkboxes do not constitute valid consent.
To ensure consent is given voluntarily by the user, there must not be any disadvantages to the user for not giving consent to the use of cookies.
The banner must clearly and precisely indicate how consent can be revoked.
Withdrawing consent should be as easy as giving consent.
Refusing consent should be as easy as granting it on a cookie banner, without additional steps or complexity.
The purposes of cookies must be made clear to the user.
Data subjects should not be pressured to give consent via banner design choices.

6. Is it mandatory to inform visitors about the use of cookies on a website?

It depends on the types of cookies used. For "technically unnecessary" cookies, information must be provided about their setting and reading. This obligation applies regardless of whether the cookies involve personal data or not. Additionally, the user must be informed if the use of cookies leads to the processing of personal data.

7. Can Accept and Reject buttons be of different colors?

Depends on a case-by-case assessment given both Accept and Reject buttons are equally visible.
Example: If the background of the banner is white, the Accept button is red and the Reject button is also white, such a banner is not compliant.

8. How can a website fulfill its obligation to inform users about its use of cookies?

A multi-level approach is recommended.
The first information layer of the consent banner may include:
- The identity of the data controller/website operator
- Brief description of the processing purposes
- The legal basis for data processing
- An indication that consent can be revoked at any time without providing any reason and doing so does not affect the legality of prior processing
- How and where it can revoked
- A link to a detailed information or the second information layer.

9. Is the use of cookie walls permitted?

The use of cookie walls also known as “pay or okay” is permitted if the following conditions are met:
- Compliance with all data protection regulations particularly GDPR, for data processing based on consent
- the requirements for the granularity of consent must be taken into account
- The service provider must not be a public authority or other public bodies
- There cannot be any exclusivity in relation to the content or services offered
- The service provider cannot have a monopoly/quasi-monopoly position in the market
- An appropriate and fair prices for the payment alternative
- If a user gains access to the website using the payment alternative, no personal data may be processed for advertising purposes.

10. What is paywall and how is it different from a cookie wall?

A “paywall” requires a user to pay money to access the website when they visit the website, as the website operator can decide whether access to the content of their website is chargeable. While cookie wall presents users with the option to either pay for a website access or provide consent for the use of cookies.

Securiti’s Cookie Consent Management Solution can help you comply with Austrian requirements on the use of cookies by displaying the legally compliant consent banners with automatic cookie scanning & categorization, preference center, and audit trail features.

Request a DEMO

Disclaimer

Securiti has made every attempt to ensure the accuracy and reliability of the information provided in these materials. However, the information is provided “as is'' without warranty of any kind. Securiti does not accept any responsibility or liability for the accuracy, content, completeness, legality, or reliability of the information contained in these materials. Legal counsel should be consulted prior to making any decision in reliance on the information contained in these materials.