Products
By Use Cases By Roles
DataControls Cloud^TM
View
Learn more

Asset and Data Discovery

Discover Data Assets

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Discover & Classify Structured and Unstructured Streaming Data

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Security Posture Management

Protect data systems by discovering and automatically remediating misconfigurations

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Data Catalog

Automatically catalog enterprise datasets

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle
Data Controls Orchestrator
View
DataControls Cloud^TM
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

US California CPRA

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA

View

Thailand PDPA

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Videos

Solution and customer videos.

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

Cookie and Consent Practices in Finland

By Privacy Research Team

Published on August 6, 2021

On 13 July 2021, the Finnish Transport and Communications Agency (Traficom) released a consultation on the Draft Guidance on the Use of Web Cookies (Guidance). Traficom allows the public to comment on draft Guidance before their final publication. The comment and response period ends on 9 August 2021.

This article provides an overview of the Guidance that will help service providers implement legally compliant cookie consent solutions on their websites.

The Guidance applies to service providers that use cookies as well as other similar tracking technologies that allow reading and storing of the user’s data such as a built-in storage mechanism in HTML5, Flash player, tracking pixels, web beacons and various tags, and fingerprinting technologies.

Let’s look into some of the key points highlighted by Traficom in this Guidance:

The use of non-essential cookies requires user’s consent:

All non-essential cookies and similar tracking technologies require the consent of the user.

Examples of such cookies are:

Long-term cookies related to personalisation
Authentication-related long-term cookies
Development and analytics cookies
Cookies related to targeted advertisements and marketing
Specific data acquired from a terminal device via active scanning
Cookies related to social media platforms
Cookies enabling real-time communication
Cookies related to cross-media content
The processing of location data

The user’s consent is not needed for the use of essential cookies or other corresponding technologies. Essential cookies are those whose sole purpose of storing and using data is to carry out the transmission of a communication over an electronic communications network or the storage and use of data is strictly necessary for the service provider to provide a service that the subscriber or service user has specifically requested. These cookies implement the transmission of a message through a network by identifying the transmission points required for routing the message, ensure the transmission of the message’s content to the destination in an appropriate order or detect errors or data losses occurring during the transmission of the message. Third-party cookies are generally not considered essential as they are not required to transmit messages.

The following are examples of cookies considered to be essential to provide a requested service:

Cookies related to the user’s input (for example, cookies to remember the content of a user’s shopping cart in an online store)
Short-term cookies related to authentication
Cookies related to information security (to ensure the safe transmission of data or identify possible or attempted misuses of the service by monitoring the amount of successive login attempts)
Cookies related to presenting content (for example, flash technology-based content)
Cookies related to the user’s preferences regarding language, appearance, and accessibility while visiting the site, such as font or text size
Cookies related to accessibility (for example, enabling the use of audio description or voice subtitling)
Cookies related to the site layout

Even in the case of the use of essential cookies, users must be adequately informed about them and their use is allowed only to the extent necessary to provide the service.

Consent to the use of non-essential cookies must be freely given, specific, informed and unambiguous. Non-essential cookies cannot be turned on in the service or site by default and the user must separately agree to their use by clicking on them (opt-in).

The following are not valid indications of consent:

Browser settings cannot be considered sufficient indications of consent
General terms and conditions of the service, accepting them or continuing to use the service are not considered valid indications of consent
The use of pre-ticked boxes or slide switches in the on position is not valid consent

Demonstration of consent:

The service provider must be able to demonstrate that they have requested consent to store and use cookies and comparable data. For this purpose, the following must at least be stored:

The moment when consent was requested and obtained
How consent was requested
What information was provided to request consent
The necessary identification data with regard to who gave consent
Specific storage periods for personal data

However, no more data is allowed to be stored than is necessary to prove the obtaining of consent. Additionally, service providers must be able to justify the storage times of personal data since personal data can only be stored for the duration necessary for the purposes of its processing.

Informing users and consent banners:

Users must be informed comprehensively and understandably of the use of cookies or other data that require the user’s consent. For this purpose, cookie consent banners should specify the following:

The cookies and similar technologies used as well as their type (for example, the following classifications may be used: essential, functional, personalisation, advertisement, social media-related, analytics and measuring, others)
The purpose of each cookie, i.e. what data is collected with the cookie and for what purpose
The validity period of each cookie
Information on whether data is shared with third parties via the cookies, who these parties are, and what data is transmitted
A link to specific information concerning the service’s cookies or privacy policy

Service providers must comply with Article 13 of the GDPR concerning information to be provided to data subjects. In addition, the layout of the consent banner must be as neutral as possible. This means service providers must use equal font sizes and colors for accept and reject commands so that users are not misguided by consent banner design choices.

How Securiti can help?

Securiti’s Cookie Consent Management Solution enables organizations to build cookie consent notices in accordance with the applicable legal requirements. It can help you comply with the Finnish Guidance on cookies with the help of the following features:

Periodic scanning of websites
Configurable preference center
Auto-blocking of non-essential cookies
Dynamic consent refresh
Granular consent records and reporting

Ask for a DEMO to understand how Securiti can help you comply with Finland’s Guidance on Cookies and other similar tracking technologies, GDPR and a whole host of other global privacy laws and regulations, with ease.

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.

Take a Tour

The use of non-essential cookies requires user’s consent:

Withdrawal of consent:

Demonstration of consent:

Informing users and consent banners:

How Securiti can help?

Privacy Center
Fully Functional In Minutes

Newsletter

Company

Resources

Terms

Get in touch

Cookie and Consent Practices in Finland

The use of non-essential cookies requires user’s consent:

The use of essential cookies does not require the user’s consent:

Consent must be freely given, specific, informed and unambiguous:

Withdrawal of consent:

Demonstration of consent:

Informing users and consent banners:

How Securiti can help?

Privacy Center Fully Functional In Minutes

Get Started

Email already in use

Unexpected error occurred

Join Our Newsletter

Share

More Stories that May Interest You

Why you need to adopt Securiti’s Consent Management Platform

IAB EU Solution: We are proud to announce that SECURITI.ai’s Consent Management Platform is officially TCF v2.0 approved by the IAB

Irish Guidance on Consent & Cookies – Grace Period ends on 5 October

Newsletter

Company

Resources

Terms

Get in touch

Privacy Center
Fully Functional In Minutes