The European Union's General Data Protection Regulation (GDPR) and the requirements for collecting cookies on websites

The Personal Information Protection Act is also known as the PDPA, which stands for the Personal Data Protection Act. The PDPA is based on the EU personal data protection law, the General Data Protection Regulation, abbreviated GDPR, and this law has a big impact on websites active in the EU. Almost every website uses cookies to collect information about website visitors and their behavior. The Thai PDPA does not currently address cookies specifically, yet using websites and online systems is a normal part of daily life in our country, and those sites use cookies to collect user information just like websites around the world. Today we discuss what the GDPR says about the use of cookies on websites and about requesting consent from users, as an example for the implementation of the Thai PDPA, which is similar.


Those who regularly surf the internet are probably familiar with the term cookies. Cookies have many benefits: they save us from logging in again to websites we have visited before, or from filling out a form that has already been filled out. Most visibly, they let websites display information that we like or care about, which may be considered a plus. But the danger is not small, whether it is spying on our personal information to send advertisements to our computers or, sometimes, even a deposit account being hacked.


What is a cookie?
 

In computing terms, a cookie is carried in an HTTP header: a piece of text specific to each website that is recorded in our browser when we visit that website. The main objective is to let website owners store certain information in the user's web browser, such as forms that have previously been filled out, a record that the user has visited the website before, and the website's various settings. The first web browser that used cookies was Netscape Navigator 1.0.

2 types of cookies

1. Cookies created by the website that we visit ourselves
2. Third-party cookies, created by other websites that own certain content on the page, such as an advertisement

As mentioned at the beginning, cookies are useful, but their risks are not small. Your personal information may be passed on to unwanted websites, leading to the hacking of account information, especially information about online transactions. Those who shop online often should be more careful.


What are the requirements of the European Union's General Data Protection Regulation (GDPR) for requesting consent to collect cookies from website users?

The GDPR cookie consent rules concern obtaining permission, or consent, from users to use cookies. That is, website users can specify whether the website may use cookies to collect their personal information, and which cookies are allowed, before cookies can be used to collect data and before that data can be processed and used. This rule has been effective since 25 May 2018.


For the cookie consent request, the GDPR specifies the following:

  • State why data is collected, how the information will be used, by whom and where. The consent document must have a clear message, and the user must be able to choose which types of cookies to allow or not.
  • The user's consent must be a confirmation given through a positive statement, with no harassment or ambiguity that may cause misunderstanding.
  • Requests for consent must be made before collecting or doing anything with personal information.
  • It must be easy to request cancellation. Users must be able to withdraw consent whenever they change their minds.
  • The user who owns the data has the right to request deletion of all the stored data at any time.
  • All consent must be recorded as viewable documents.

The Court of Justice of the European Union (CJEU) ruled that banners requesting consent to collect cookies may not come with the consent box already ticked. As a result, the consent banners of many websites created before the new law came out are considered unusable. For example, pop-up banners that use the wording 'By using this site, you accept cookies' do not satisfy the new law. Simply offering an OK button to accept the collection of cookies does not satisfy it either.

Examples of consent banners that are invalid under EU rules

[Image: consent banner example]

This image is an example of a valid consent banner in the EU.

This banner is correct because:

  1. It is clearly visible and stays displayed until the user ticks a choice.

  2. It is shown before cookies are used (prior consent). The user must give consent before any cookie is used.

  3. The information about cookies is accurate and clearly specified, in language that is straightforward and easy to understand, because the GDPR requires users to be fully informed about the types of cookies that the website will store.

  4. The different types of cookies used on the website are clearly listed, with the type and purpose of each.

  5. Cookies are grouped so that general users can easily understand them.

  6. Necessary cookies are the one type that must stay checked, because without this type of cookie the website cannot display or will not work properly.

  7. Users can access the consent they gave on the website and can change their mind and cancel the consent at any time.

  8. All consent must be documented.

  9. Every 12 months after the user first uses the website, the cookie permission banner is displayed again to request all consent anew.
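How a site could enforce points 2 and 6 to 9 in code is sketched below as an added example; it is not from the original article or from any consent tool. The category names, cookie names and function names are hypothetical, and timestamps are passed in as milliseconds so the 12-month renewal can be checked.

```javascript
// Added example; category and cookie names are hypothetical.
const OPTIONAL = ["preferences", "statistics", "marketing"];

// Store what the user ticked, with a timestamp, as the documented record of consent.
function recordConsent(choices, now) {
  const granted = { necessary: true }; // necessary cookies cannot be switched off
  for (const c of OPTIONAL) granted[c] = choices[c] === true; // only an explicit tick counts
  return { granted, givenAt: now, withdrawnAt: null };
}

// Withdrawal keeps the record but clears every optional category.
function withdrawConsent(record, now) {
  return { ...recordConsent({}, record.givenAt), withdrawnAt: now };
}

// The banner is shown when no choice exists yet, or 12 months after it was made.
function bannerRequired(record, now) {
  if (!record) return true;
  const renewAt = new Date(record.givenAt);
  renewAt.setUTCMonth(renewAt.getUTCMonth() + 12);
  return now >= renewAt.getTime();
}

// Prior consent: an optional cookie is blocked until a current record grants its category.
function maySetCookie(record, category, now) {
  if (category === "necessary") return true;
  if (bannerRequired(record, now)) return false;
  return record.granted[category] === true; // unknown categories are refused
}

// Constructed sample: cookies a page would like to set, tagged by category.
const SAMPLE_COOKIES = [
  { name: "session_id", category: "necessary" },
  { name: "lang", category: "preferences" },
  { name: "stats_id", category: "statistics" },
  { name: "ad_id", category: "marketing" },
];

function allowedCookies(record, cookies, now) {
  return cookies.filter((c) => maySetCookie(record, c.category, now)).map((c) => c.name);
}

const t0 = Date.UTC(2024, 0, 15);
const consent = recordConsent({ statistics: true }, t0);
console.log(allowedCookies(null, SAMPLE_COOKIES, t0));    // before any choice
console.log(allowedCookies(consent, SAMPLE_COOKIES, t0)); // after ticking "statistics"
```

A value such as the string "yes" or a missing key is treated as no consent, so a banner that submits nothing can never enable an optional category.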


Organizations that do not comply with the law may be punished with a fine of up to €20 million, or 4% of the company's budget in the past year, whichever is higher.


The laws of Europe are very strict, and the penalties are quite high.
For Thailand, it remains to be seen what will come next for Thai websites once the Office of the Personal Data Protection Commission under the Personal Data Protection Act B.E. 2562 has been established and has issued detailed rules regarding the collection of cookies.

 
