Czech Republic: Changes to the Electronic Communications Act new rules relating to cookies and telemarketing effective as of 1 January 2022

In brief

With effect from 1 January 2022, the provisions of the recent amendment of Act No. 127/2005 Coll., on Electronic Communications and on Amendment to Certain Related Acts ("Electronic Communications Act") relating to the storing and accessing of cookies and other information (hereinafter jointly as "cookies") on users' devices and telemarketing, have become effective. In view of the change, the competent authorities have recently issued new guidance and statements relating to the updated rules about cookies and telemarketing, clarifying the interpretation of the relevant obligations along with some open questions.


Below we present a brief overview of the recent changes and the currently available guidance.

New rules relating to cookies

Despite the fact that since the year 2009 the ePrivacy Directive generally required a prior consent for the storing and accessing of cookies (a so called opt-in), under Czech law it was sufficient to offer the possibility of refusing the storage and access to cookies (a so called opt-out). With effect as of 1 January 2022, Section 89 (3) of the Electronic Communications Act was amended to comply with the ePrivacy Directive and newly requires an opt-in for the storing of cookies or for gaining access to them, unless the cookies are of a purely technical nature, are necessary for carrying out the transmission of a communication over an electronic communications network, or for the provision of a service explicitly requested by the user (hereinafter jointly as "technical cookies").

For the storing and accessing of cookies that are not technical cookies, it is therefore necessary to obtain a prior consent that satisfies the requirements of the GDPR consent. The Office for Personal Data Protection reiterates in its statement from 25 November 20211 as well as in the FAQs from 22 December 20212 that the consent needs to be free, specific, informed, and unambiguous and that the user needs to be able to withdraw the consent as easily as grant it (ideally a button or URL for a withdrawal should be available on the website). Furthermore, the consent needs to be granular, which means it needs to be granted for a particular purpose.

The Office for Personal Data Protection points out that in relation to cookies it is necessary to adhere in particular to the:

  1. requirements of the Electronic Communications Act, i.e., requirements for the storing and accessing of cookies, and
  2. GDPR requirements (to the extent that the processing of cookies and related information constitutes personal data processing), i.e., requirements relating to personal data processing, such as having an appropriate legal basis.

Therefore, although a consent is necessary for the storing and accessing of cookies (apart from technical cookies), the processing of personal data in this context could, in practice, also be based on a legitimate interest or on the necessity for a contractual performance. In the opposite situation, despite the fact that a consent is not necessary for storing and accessing technical cookies, if they constitute personal data, an appropriate legal basis needs to be determined for their processing (in practice it will usually be a legitimate interest, however, depending on the purpose of the processing, a consent might be appropriate).

In order to satisfy the requirement of transparency, the Office for Personal Data recommends providing a list of all cookies including their purpose. The provided information needs to be clear and easily accessible for the user, whereas the number of cookies should be taken into account during the decision on the fulfilment of the transparency requirement.

New rules relating to telemarketing

The Electronic Communications Act also changes the opt‑out principle to an opt-in principle in relation to telemarketing3. Pursuant to Section 96 (1) of the Electronic Communications Act it shall be prohibited to contact a subscriber (i.e., a person using publicly available electronic communications services) with a marketing offer unless the subscriber has stated in a public subscriber directory that they wish to be contacted for marketing purposes.

As a reaction to various open questions pertaining to the interpretation and application of the new obligations, the Czech Telecommunication Office, the Office for Personal Data Protection and the Ministry of Industry and Trade issued on 21 December 2021 a joint interpretative opinion4. The opinion clarifies that the opt-in requirement relates to contacts made via contact details obtained from public subscriber directories. Therefore, if the contact details come from a source other than the public subscriber directory, the contacting person must merely prove how they obtained the contact (in order to prove that the requirements of the Electronic Communications Act are not applicable) and that they are entitled to process personal data and contact the person in accordance with the GDPR and Act No. 480/2004 Coll., on certain Information Society Services, if applicable.

The Electronic Communications Act stipulates a presumption that a public subscriber directory is also a list containing randomly generated phone numbers, phone numbers without identification details and a list with details of subscribers who did not state that they wish to be contacted for marketing purposes, which aims to ensure that the requirements will not be circumvented. According to the opinion, the newly introduced opt-in principle does not apply to a directory of contacts created by one's own business activity such as database of clients, patients or customers, as it only applies to marketing communication to a person with which the contacting person does not have any previous relationship.

In the opinion, the authorities also deal with the conditions under which a public subscriber directory may be created and used and provide answers to frequently asked questions relating to telemarketing. In relation to telemarketing, the Office for Personal Data Protection also updated its guidance How to prevent unsolicited telemarketing5 so that it reflects the new rules, which includes a guidance for persons how to prevent unsolicited telemarketing and how to proceed if they are contacted in this way.

Despite the fact that the new provisions are applicable as of 1 January 2022, pursuant to the transitional provisions, it will still be possible to contact subscribers in accordance with the previous legislation, i.e., on an opt-out basis, until 1 July 2022.

* * * * *

In light of the newly effective rules as well as the newly issued guidance, we recommend reviewing the set-up of the cookies and telemarketing rules.

We will be happy to answer any follow-up questions relating to the regulation, as well as any other queries you might have with regard to Czech law.

1 Statement of the Office for Personal Data Protection dated 25 November 2021, in Czech available here.

2 Frequently asked questions about the consent to cookies granted through the so-called cookie bar (FAQs) dated 22 December 2021, in Czech available here.

3 In addition to telemarketing, the new rules also apply to electronic marketing, where, however, an opt-in or a customer relationship was already required for a marketing communication by Act No. 480/2004 Coll., on certain Information Society Services.

4 Joint interpretative opinion dated 21 December 2021, in Czech available here.

5 Guidance of the Office for Personal Data Protection dated 3 January 2022 How to prevent unsolicited telemarketing, in Czech available here.

Copyright © 2022 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.