ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
Cookie Files

What is the legal framework for the use of cookies?

ANSWER

The protection of the confidentiality of communications in connection with the use of cookies and similar technologies is primarily governed by:

  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (hereinafter "Directive 2002/58/EC"), and the Polish Telecommunications Law Act of 16 July 2004 implementing it into the Polish legal system (Journal of Laws 2004 No. 171, item 1800, as amended, hereinafter "UPT").
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "GDPR").

Due to the overlapping obligations established by the regulations referred to above, the first step is to determine the relationship between them. In this regard, I would like to draw attention to two provisions:

  • Recital 10 of Directive 2002/58/EC: (...) Directive 95/46/EC (pursuant to Article 94(1) GDPR, Directive 95/46/EC was repealed with effect from 25 May 2018, and the scope of its regulation was transferred under the GDPR) applies in particular to all matters concerning the protection of fundamental rights and freedoms that are not specifically covered by the provisions of this Directive, including obligations imposed on the controller and the rights of individuals.
  • Recital 173 of the GDPR: This Regulation should apply to all matters concerning the protection of fundamental rights and freedoms

    in relation to the processing of personal data that are not subject to specific obligations having the same objective laid down in the Directive of the European Parliament.

The above is consistent with the legal doctrine that a law regulating specific matters (lex specialis) takes precedence over a law regulating only general matters (lex generalis). Therefore, with direct application to the storage of or access to cookies stored on a subscriber's or end user's terminal device, Articles 173 and 174 of the UPT. The GDPR applies in full, excluding matters specifically regulated in the UPT, primarily those concerning the conditions for obtaining the consent of the subscriber or end user.

The remaining provisions of the GDPR, including the principles governing data quality, the rights of data subjects, the confidentiality and security of processing, and issues relating to transfers of personal data to third countries, apply in their entirety.

Show all
PreviousNext

Read also:

07 June 2026

Przygotuj się na atak phishingowy, nim będzie za późno

07 June 2026

TikTok a RODO w sektorze publicznym – czego urzędy mogą dowiedzieć się z niemieckich zaleceń dla instytucji

02 June 2026

Czy do spełnienia wymogów ustawy o krajowym systemie cyberbezpieczeństwa (KSC / NIS2) potrzebne jest Security Operations Center (SOC)?

Szkolenia

RODO od podstaw (8h) online

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
Legal provisions governing the use of cookies | ODO 24 | ODO 24