New Telecommunications Legislation on cookie files (so-called cookies) is effective in Poland since March 2013. What the new act has changed is, primarily, the fact that all visitors to an online store or any other website that uses cookies need to be explicitly informed about the changes in the privacy policy. In practice this generally consists in the fact that every website visitor needs to be informed about the presence of cookies on the pages of the very website. From the moment of receiving this information each of their decisions (including omissions, that is, failure to change default browser settings allowing to process cookies) might be understood as a deliberate choice. Detailed provisions are included in Articles 173, 174 and 209 of the amended Telecommunications Act (Journal of Laws of December 21st 2012, item 1445). 

What is a cookie?

A cookie (HTTP Cookie) is a small fragment of text that a web page sends to a browser on the side of the user's computer. Your browser sends the file back to the website when you revisit the website. The purpose of this is primarily to maintain the session and to remember the data (concerning a customer) that might be coded as a character string then. In such case a given user does not need to enter the same information every time they visit the site. The cookie mechanism has been invented and designed by a former employee of Netscape Communications Lou Montulliego in the 1990s. Presently some browsers have advanced tools that allow you to control the sites that store data in cookies and allow to remove and/or block them selectively. It is, however, good to know that the standard Internet Explorer version does not offer such tools. This is one of the reasons why the European Union has imposed an obligation to inform about such practice on website and online store owners. 

An online store owner's obligations include drawing up a document that includes brief information about how and for what purpose cookie files are used. Customers need to be informed about how they might change their cookie use policy settings using their web browsers. It is usually most comfortable to simply place the document in the form of an additional subpage on the main site, marked as Privacy Policy. One might do this independently, having read and understood the provisions of the aforementioned act or commission drawing up privacy policy to an Internet law professional (which is usually easier).

When is it not necessary?

Before you start drawing up our cookie policy you should make sure if you actually need it. In other words, you need to know what cookie-related solutions you use in your web page. As a matter of fact, you do not need to inform users about cookies if storing or accessing information is necessary to for the purpose of submitting information via the public telecommunications network, providing telecommunications services or electronically rendered services, upon a subscriber's request. Therefore, in practice, when a website or a store do not use any external scripts or own scripts other than the standard ones, you are not obliged to provide information about cookie policy. This is, however, a rare occurrence nowadays. Suffice it to say that cookies cover as simple and omnipresent tools as Google Analytics statistics. Therefore, if you are not 100% sure how your website works, you should consult a professional. Indeed, a failure to inform customers about cookies on a web page results in a financial penalty in the amount of 3% of the penalised entity's gross receipts generated in a previous calendar year. Moreover, an additional financial penalty in the amount of 300% monthly salary of the company's manager may be another punishment.

You already have a cookie policy - what do you do next?

The information needs to be published on the web page, so that it is visible to all users. There are many different ways to do this. The common ones include: top and bottom information tags. Their templates might be found on the Internet free of charge - usually, along with information about changes in cookie files.