Skip to content
General Warning on the Fulfilment of Legal Obligations Regarding Transparency and Information on the Processing of Personal Data on Websites
The Information and Privacy Agency (IPA), within the framework of its legal mandate and the inspection plan for supervising the implementation of Law No. 06/L-082 on Personal Data Protection, has identified that a number of controllers operating through websites have not established adequate transparency and information mechanisms regarding the processing of personal data during users’ visits to these websites.
In particular, it has been observed that some websites lack an initial notice regarding the use of cookies, lack a cookies policy, and fail to provide clear, complete, and accessible information regarding the fact that personal data of visitors may be collected and processed during visits to the website. This may include IP addresses, online identifiers, device-related data, data on user behaviour on the website, as well as other data which, according to the applicable legislation, are considered personal data.
We remind you that, in your capacity as a controller, you are obliged to process personal data in accordance with the principles of lawfulness, fairness and transparency, and to ensure that the data subject is clearly, accurately and timely informed about any processing of their personal data.
For this reason, you are required to undertake the necessary measures to fulfil your legal obligations by ensuring that:
Please be informed that the IPA has put in place mechanisms and tools for the identification, verification and inspection of websites that process personal data without informing data subjects in accordance with the requirements of Law No. 06/L-082 on Personal Data Protection.
Within the framework of these activities, websites that collect personal data through cookies, IP addresses, online forms, analytical tools, plug-ins, and other similar technologies without providing the necessary transparency to their visitors will be systematically verified.
This notice constitutes a general warning prior to the undertaking of inspections of controllers operating through websites and processing personal data without fulfilling their legal obligations regarding information and transparency.
In cases where irregularities or violations of the provisions of Law No. 06/L-082 on Personal Data Protection are identified during inspection, all findings will be analysed by the Agency and, in accordance with the legal competences and the nature of the identified violations, appropriate measures will be undertaken in accordance with the law, including the imposition of sanctions.
The absence of a privacy policy, the absence of a cookies policy, the absence of prior notice regarding the use of cookies and similar technologies, as well as the absence of information regarding the processing of personal data during visits to the website constitute a failure to comply with obligations arising from Law No. 06/L-082 on Personal Data Protection and undermine the right of the data subject to be informed about the processing of their personal data.
Therefore, you are requested, within a period of 15 days from the date of receipt of this notice, to undertake all necessary actions to harmonise your website with legal requirements and to ensure that the information provided to data subjects is complete, clear and in compliance with the law.
After the expiration of this deadline, the Agency will proceed with supervisory and inspection activities in accordance with the inspection plan and within its legal competences.