On the 6th April 2020 the Irish Data Protection Commission (‘DPC’) issued a report on ‘the use of cookies and other tracking technologies’. In this report, the DPC outlined that the majority of websites in Ireland do not comply fully with the regulations. As a result they gave companies 6 months to examine their practices with regard to the use of website cookies and other tracking technologies (using the DPC’s newly published guidance) and to make their website compliant by 5th October 2020. After this date, the DPC will start issuing fines to companies that do not comply.
Have you checked your website recently? Does it comply with the current ePrivacy and GDPR regulations? 

 

So what has actually changed since GDPR was introduced in 2018? 

The original law on cookies has not changed. What has changed is the definition of consent to process personal data. The new definition of consent is:

“it must be freely given, specific, informed and unambiguous, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to him or her”.

As a result of the revised regulation (ePrivacy directive), the user must:

  • be able to consent to or reject having cookies set
  • be provided with clear and comprehensive information about each cookie before consenting/rejecting
  • be provided with the option to choose which cookies they are consenting to/rejecting
  • be able to change/withdraw their consent at any time with the same ease as consenting in the first place
  • have the information about cookies and consenting to them prominently displayed and easily accessible
  • understand how and why the cookie is using the information

The Data Protection Commission offers a full guide on everything you need to know about the new cookie policy, and you can review it here.

 

I think my website does all that - so does it comply?

Reading the above revised regulations, you may think that your website complies - but are you sure? 

  • have you run a cookie audit to confirm what cookies are being set?
  • you must be sure that no cookie is being set prior to a user consenting
  • if a user rejects cookies, they must still be able to access your website.
  • an ‘Accept All’/‘Reject All’ button to consent/reject cookies is no longer acceptable. The user must be presented with the option to be able to only consent to some cookies. 
  • each cookie must be explained clearly, and this must be offered in the same user interface as the consent/reject button - it cannot be hidden away on a Cookie Policy page on the website.
  • within the options to consent/reject cookies, the options cannot be pre-checked (apart from necessary cookies, without which the website will not function - see note below).

So what do I need to do now?

If your website does not offer all of the above options, then you need to update the cookie management on your website. There are a number of tools available to manage cookies to comply with the regulations. Our favourite is CookieBot.

It scans your website and details all the cookies that are set by your website. It automatically sorts them into groups based on cookie type, what information they store and how long they remain set. All of this information is then bundled into a
user-friendly pop-up window to display on your website with all of the options available to comply with the regulations. One of the benefits of this solution is that CookieBot continuously scans your website to keep the cookie information completely up-to-date, so you don’t have to worry if your cookies change in the future.

If you are unsure how to run a cookie audit or how to update the cookie management on your website, then we can help.

Contact us now 

Necessary Cookies

These cookies are essential for a user to browse your website and use its features, such as accessing secure areas of the site or to allow a web store hold a users items in their cart while they are shopping online. These cookies will generally be first-party session cookies (but not all first-party cookies are necessary cookies). While it is not required to obtain consent for these cookies, what they do and why they are necessary need to be explained to the user.

GDPR, Cookies, ePrivacy,

Add new comment

About text formats

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
Cookie Settings