IDC Names Securiti a Worldwide Leader in Data Privacy


Consent Requirements in the Czech Republic for the Use of Cookies and Similar Technologies

Published April 16, 2023 / Updated November 29, 2023

Listen to the content

The Office for Personal Data Protection ('UOOU') in the Czech Republic updated its list of frequently answered questions ('FAQs') on cookie bars and consent in March 2023. These FAQs provide significant clarity on the Czech Republic‘s legal requirements concerning the use of cookies and similar technologies.

It is important to note that the consent of users only allows website operators to store non-technical cookies on the users’ devices. In order to be able to process personal data through cookies, the data controllers must comply with the requirements of the GDPR, including having a lawful processing ground. It is possible to obtain consent for the use of cookies and processing of personal data obtained via such cookies at the same time.

Following is an overview of the cookie consent requirements highlighted by the UOOU.

Technical Cookies v. Non-Technical Cookies

  • Websites can use technical cookies, which are essential for a website’s operations, without the consent of the users.
  • Valid consent of users should be obtained prior to the activation of non-technical cookies, which are used to monitor the behavior of website users for marketing purposes, etc.

Notification Requirements

  • Users should be provided with appropriate information in simple language regarding the following matters:
    • the purposes and legal reasons for the use of cookies, including technical and non-technical cookies and the applicable consent requirements;
    • the controller of personal data obtained through cookies,
    • any legitimate interests of the controller,
    • the recipients of personal data,
    • the intention to transfer personal data to a third country or an international organization,
    • the contact details of the data protection officer,
    • the storage period of cookies and personal data - the controller should set such periods keeping in consideration the principle of storage limitation,
    • the rights to access, correction, erasure, portability, objection to processing, restriction of processing, withdrawal of consent, and to lodge a complaint with the supervisory authority,
    • whether the users’ provision of personal data is a legal or contractual requirement or a requirement to enter into a contract, and
    • whether automated decision-making takes place, including profiling.
  • A website should provide the foregoing information in both English and the Czech language (for Czech-speaking visitors).
  • Any information provided should be clear, structured for clarity, accessible, and comprehensible for the average user.
  • Demonstrable consent should be obtained from website users prior to the use of non-technical cookies and similar technologies.
  • Consent should be free, specific, informed and unequivocal.
  • Pre-set consent-friendly browser settings do not constitute valid consent.
  • Consent cannot be implied. A user continuing to browse a website without interacting with the consent banner, or closing the banner without expressing whether or not they give consent, cannot be considered valid consent.
  • Users should be able to revoke their consent at any time. Withdrawal of consent should be as easy as giving consent, such as through an easily accessible button or a link on the website.
  • The consent banner should facilitate users in terms of readability and accessibility of website content.
  • Pre-ticked options should not be used on the consent banner.
  • While users can accept or reject to give consent for each individual non-technical cookie, the processing purpose, or administrator, users should also be able to accept or reject all non-technical cookies at once.
  • The ‘Accept All’ and ‘Reject All’ buttons should be placed on the same layer of the consent banner (preferably the first layer) and in a comparable visual design.
  • The accept and reject buttons should not be designed in a manner that is misleading to the users. The buttons’ appearance, font, and color should be such that the user is freely able to decide whether to give consent or not.
  • The colors of the buttons should be chosen in a way as to respect the generally accepted meaning of the colors.
  • The link to detailed information regarding the use of cookies may be provided in the first layer of the consent banner.
  • The website operator should determine the period for which cookie consent is valid and the period after which a consent banner may be re-displayed following the refusal of consent, taking into account the processing purpose and the expectations of the data subjects.
  • Generally, 12 months may be considered a reasonable time for the validity of consent. Moreover, in case of refusal of consent, a consent banner should not be re-presented for at least 6 months after the last display, provided this time period may be lessened if:
    • one or more processing circumstances have changed significantly - for example, there is a significant change in the settings of the consent banner and/or the processing purposes, or there is such a change that could prompt the user who earlier refused consent to now give consent; however, the change of individual cookies cannot be considered a significant change, or
    • the operator is not able to monitor the previous consent choice - for example if the user has deleted the cookies stored on their device.
  • If there is a significant change in processing that would also affect users who previously gave their consent to the processing of personal data, it is necessary for the data controller to re-apply for the users’ consent.
  • A cookie consent banner should not be placed or designed in such a manner that it prevents interaction with the website and only collapses when a user has selected an option on the banner regarding their consent for the use of cookies.

How Securiti Can Help

Securiti’s Cookie Consent Management Solution enables you to achieve compliance with the Czech Republic’s cookie consent requirements with the help of the following features:

  • Scanning and auto-classification of cookies and similar technologies,
  • Implementation of an opt-in cookie consent banner with equally prominent accept and reject options of comparable sizes, fonts, and colors,
  • Unchecked consent for non-technical cookies by default,
  • Configurable consent preference centers allowing granular consent opt-ins and opt-outs and honoring immediate consent revocations,
  • Legally compliant consent banner verbiage,
  • Compliance with leading industry frameworks such as the GPC and IAB EU TCF,
  • Provision of simple, accessible and detailed information for users on the use of cookies through consent banners and preference centers, and
  • Maintenance of updated and comprehensive consent records to help you demonstrate compliance.

Ask for a DEMO today to understand how Securiti can help you comply with global privacy laws.

Maria Khan

Authored by Maria Khan

Maria Khan is a IAPP Certified Information Privacy Professional (CIPP/Europe) and a Certified Information Privacy Manager (CIPM). She earned her LL.M from the University of Michigan Law School, where she received the Michigan Grotius Fellowship, a fully-funded award. Additionally, Maria holds a B.A-LL.B (Hons.) from Pakistan.

Passionate about data privacy, AI governance, and business and human rights, Maria facilitates organizations in evaluating data privacy compliance risks and offers privacy-compliant solutions. She plays a key role in supporting regulatory intelligence within products/software and aiding organizations in meeting compliance efforts. Maria possesses a substantial understanding of global data privacy obligations, particularly in relation to AI governance, consent management, user transparency, digital marketing, cross-border data transfers, and AI risk assessments.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


More Stories that May Interest You

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend