When you visit the Service, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and let Ogatin help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click and other actions you take on the Service), and allow us, or our business partners, to track your usage of the Service over time. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled.
What are cookies and why are they used?
Cookies are text files transferred from your browser to your computer’s hard drive. They store information about your activity on a browser. Companies worldwide use cookies to monitor customer behaviour and to improve interactivity with a website.
You will notice when you search for a specific product, ads relating to that product appear on other sites you visit. When you log into a website that uses cookies and later re-visit it, the cookies allow the website to ‘remember’ you.
Cookies make your life as a website user much easier because you do not have to log in every time you visit the same page. Your online experiences will be personalized to your preferences.
Types of cookies
There are different types of cookies saving different information and for different periods of time.
Period cookies are deleted at the end of a web sessions, while persistent cookies have a pre-determined expiry date and will appear until the expiry date is reached.
Does POPI apply?
POPI does not explicitly mention cookies, but POPI applies because:
- a cookie can contain personal information,
- the definition of personal information includes an online identifier, or
- one of the duties of the Information Regulator is to monitor the use of unique identifiers (which includes cookies).
The personal information that is processed using cookies will be protected by POPI. Once POPI commences, the Information Regulator may publish regulations to regulate the use of cookies in South Africa. Generally speaking, POPI is an opt out law, but South Africa will probably follow the EU ePrivacy Directive and require the user (or data subject) to consent to a website owner using cookies.
What about my personal information?
Cookies store certain personal information you provide on a website. This personal information can be processed if done so in accordance with the conditions of POPI.
Cookies do not generally store credit card information and account numbers but if they do the information must be protected securely.
Cookies only store information from your browser, they cannot access data on your hard drive. Cookies are text files that cannot transfer viruses to your computer or mobile device.
EU ePrivacy Directive
The EU ePrivacy Directive (as amended by Directive 2009/136/EC) requires a data subject to give prior informed consent.
EU ePrivacy Directive Article 5(3) says, “the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information”
The Directive is not a law but failure to follow the directive will lead to action taken against the Member state. Member states must implement the directive into local laws.
Even if a business is not in the EU their customers might be. They must get their clients consent to use cookies. The EU requires data subjects to opt in to the use of cookies. However, you do not need to get consent for cookies that are “strictly necessary for the delivery of a service requested by the user”.
This is contrary to the current South African position where consent is not needed.
South African cookie law position?
In South Africa, there is currently no law regulating the use of cookies. But section 51 of the Electronic Communications and Transactions Act (ECT Act) currently governs the protection of electronic personal information. This provision has similar requirements to what is required under POPI and POPI will repeal it.
Some websites have pop-ups informing you that they use cookies and state that if you do not want information saved, you should leave the website. Others require your specific consent before proceeding. You can also edit your browser settings to block the use of cookies.