The use of cookies is governed by Art. 157 of the Electronic Communications Act (Zakon o elektronskih komunikacijah, ZEKom-1; English translation is available for download here).
As a rule, consent fulfilling the requirements of the GDPR is needed for the setting of, or access to, cookies. Prior to giving consent, user has to be given clear and comprehensive information about the data controller and the purposes of processing. If technically feasible and compatible with the GDPR, users may also give consent by using appropriate browser settings.
However, consent is not required for cookies used exclusively for the purpose of carrying out the transmission of a communication over an electronic communications network, or if they are strictly necessary in order for the provider of an information society service explicitly requested by the user to provide that service.
The Slovenian Information Commissioner has clarified that also device/browser fingerprinting and similar tracking technologies have to comply with Art. 157 ZEKom-1.
