Even if the difference between mandatory and non-mandatory cookies is not mentioned in the decision, it should be emphasized that obtaining prior consent shall be considered compulsory for non-mandatory cookies such as marketing of statistical cookies. Another issue to consider is to provide the freedom to choose to website visitors. In other words; declining the use of non-mandatory cookies shall not prevent the visitor from benefiting from other services offered by the website. If the user is not free to opt-in or out for non-mandatory cookies, the consent should be deemed unlawful.
As stressed throughout the note, the subject decision of Turkish DPA concludes some essential rules in terms of cookie use. However, there are still many points that have to be clarified in terms of cookie use. The issue is expected to be handled in more detail in future decisions of the DPA. In the meantime, Guidelines published by European Union Member States’ such as “Guidance Note: Cookies and other tracking Technologies” of Irish Data Protection Authority can serve as valuable resources.
Ayça Doğu, LLM