As digital privacy takes center stage, understanding cookie regulations is vital for fostering transparency and customer trust. Therefore, whether you are a business owner, website operator or digital marketer, you must be aware of these legal requirements. Let us bring you up to speed on the Croatian cookie consent requirements and compliance strategies.

What is the cookie law of Croatia?

Croatia has implemented the GDPR principles and e-privacy directives into its national legislation through zakon o provedbi opće uredbe o zaštiti podataka and Zakon o elektroničkim komunikacijama (English translation). 

Croatia adheres to the GDPR guidelines in its digital data protection and privacy approach. The Croatian Personal Data Protection Agency has also published recommendations on using cookies to assist businesses to comply with the requirements.

What is the scope of the Croatian cookie guidelines?

The Croatian cookie guidelines apply to all websites and online services that deploy cookies or tracking technologies on devices and collect information from Croatian users.

What are the Croatian cookie consent requirements?

As per the Croatian legal standards, explicit user consent is the gateway to deploying cookies on devices. The consent for processing personal data obtained through cookies must be given in harmony with the GDPR consent requirements. 

Do all cookies require consent?

Though consent is a prerequisite for cookies, this can be bypassed under the following specific scenarios:

  • If they are solely used for transmitting communication via an electronic communication network;
  • If they are necessary to provide the information society service requested by the user.

The following cookies do not require user consent if they are not used for other purposes:

  • User input cookies like session IDs that last for the session or permanent cookies that sometimes last for a few hours.
  • Authentication cookies that authenticate services during the session.
  • User-oriented security cookies that detect authentication abuse for a limited persistent duration.
  • Multimedia content session cookies like flash players during the session.
  • Load balancing cookies for the duration of a session.
  • Cookies that are used for customizing the user interface for the duration of a session or a little more.
  • Cookies that are used for sharing the content of social networks/third parties for the login of their members.

Note that user consent is mandatory for using social media cookies, except those necessary to provide the service requested by the user. This is particularly important for tracking cookies.

What are the Croatian DPA cookie guidelines?

Websites must adhere to the following cookie consent guidelines before deploying cookies or other trackers on devices:

  • User consent for non-essential cookies must be voluntary, unambiguous, specific and informed.
  • Allow users to choose whether to accept or reject cookies without adverse consequences.
  • Do not combine consent with other conditions (bundle consent) and must be separable.
  • Provide convenient mechanisms to withdraw consent without any consequences.
  • Allow users to give separate consent for each purpose rather than consenting to a set of purposes.
  • Provide information regarding the data processing to the users.
  • Avoid using a broad purpose for unrelated processing activities.
  • Consent must be an affirmative action. Therefore, continuous scrolling or other forms of inaction do not constitute consent.
  • Consent through internet browser settings must adhere to the GDPR consent requirements, such as granular consent and contain the controllers’ names.
  • Renew consent at appropriate intervals depending upon the scope of the purpose and user’s expectation.

What are the information requirements under the Croatian cookie guidelines?

The Croatian cookie guidelines are designed to ensure that businesses honour user privacy and maintain transparency in data processing. 

The following are the essential information requirements under the law: 

  • Identity and contact information of the controller
  • Specific purposes for processing
  • Categories of personal data collected and processed
  • Information about the right to withdraw consent
  • Recipients or categories of recipients of the collected information
  • Data retention period
  • Whether the users will be subjected to automated decision-making
  • Possible risks if there is a transfer of data due to the absence of suitability decisions and appropriate safeguards

This information should be available to the users in an easily accessible and understandable format. Mostly they are included in the privacy policy

Checklist for Croatian cookie consent compliance

  • Obtain explicit user consent for deploying non-essential cookies on devices 
  • Allow users to give granular consent
  • Renew consent at appropriate intervals
  • Cookie consent must be voluntary, unambiguous, specific, and informed
  • Users should be able to accept or reject cookies without adverse consequences.
  • Maintain transparency and provide information to the users
  • Provide convenient consent withdrawal mechanisms
  • Avoid obtaining bundle consent
  • Do not consider continuous scrolling or other forms of inaction as consent

How can CookieYes help achieve Croatian cookie compliance?

The best solution to achieve cookie compliance is to implement a robust consent management platform like CookieYes.

Why CookieYes is the best solution?

  • Customizable consent notice with clear Accept/Reject buttons
  • Granular consent options
  • Convenient consent withdrawal
  • Consent logs for compliance
  • Language customization
  • Scan sites to detect and block third-party cookies until consent is given
  • Google-certified CMP and IAB TCF v2.2 compliant      

FAQ on Croatian cookie consent

What are cookies?

Cookies are small files that websites place on internet-connected devices, such as smartphones or computers, to collect and store information about users. They perform various functions, such as saving user preferences and serving functional purposes. Additionally, websites use them for advertising, analytical purposes, and more.

Do you need consent for cookies?

User consent is necessary for deploying non-essential cookies on devices such as those used for tracking and advertising.

What are cookie consent requirements?

The cookie laws require websites and online service providers to provide information and obtain voluntary user consent before deploying cookies on devices.