Irish cookies law - what you need to do

How should you handle your website cookies in Ireland?

What are cookies?

Cookies are files that are stored on a user’s computer hard drive by a website which can then collect information about the user’s preferences and other information which a user will need when visiting a website, for example log in details, credit card details, locations, preferences and any personal details a user submits to the website for whatever reason. The information stored in a cookie relates to how the user browses the website and allows the website to remember that user and their preferences when they return to it at a later date. Importantly cookies are also used for marketing and advertising purposes as seen below.

What does Irish law say about cookies?

The applicable regulations governing the use of cookies are Regulation 5 of the Electronic Privacy Regulations 2011[i]. These regulations, together with the Data Protection Acts, govern how cookies can be used and how the website users must be informed of the usage of such cookies. These regulations state that users are to be provided with clear and comprehensive information which is:

  • Prominently displayed
  • Easily accessible
  • Provides details of the purpose for which the cookies are being used

The regulations also note that the methods of providing such information together with the giving of consent should be as user-friendly as possible. The regulations however do not go into detail as to specifically what types of cookies require different forms of consent by the user. For example again you will note with various websites the user must click on a tick-box which allows a user to proceed to use the website once that user has accepted the cookies policy. If this is not done certain functions of the website, usually those for which cookies are required, will not be accessible to that user. This is known as an ‘Opt In’ provision on the website and is in place to deal with what is known as the use of third party cookies.

Cookies - RTE

The longstanding issue in this jurisdiction is that up to recently it has been unclear from the Data Protection Commission as to how the consent requirement, as set out in Regulation 5, should be met. Regulations 5 simply states that the requirement for consent is to be met where “technologically possible” and via browser settings. The issue here however is that most browser settings are set at a default setting of allowing cookies unless the user specifically disables this feature. Furthermore up until recently, enforcement of Regulation 5 has been confined to larger organisations however it is now very clear that even the smallest of enterprises that maintain a website need to be aware of the regulations covering cookie usage and ensure that their website users are aware as to how their website uses cookies. The Article 29 Working Group has given their opinion[ii] on how websites should implement the regulations as follows:

  1. First Party Cookies – These are cookies installed by the site you are using, that are less intrusive in nature such as cookies which record information necessary to allow the user to actually use the features of the website. Some examples would be the details a user may enter to allow for a ‘shopping cart’ feature of a website to be utilised. Article 29 Working Group has suggested that an “Opt Out” may be sufficient for such cookies. They have also noted that consent to the usage of such cookies may be given by the website user agreeing to the website terms and conditions. Therefore no separate “Opt In” requirement would be necessary. In such situations however the websites terms and conditions should specifically state that there is an “Opt Out” for first party analytic cookies. Importantly such cookies should have a life span that is only as long as the information is required to use the service. For example a user entering credit card details for a purchase assumes that the information collected by that specific cookie will only be used for that specific transaction and dispensed with once the transaction is completed. The situation however with First Party Analytical cookies is less clear. Whilst such cookies, which for example tell the website owner where the website users are located (Google Analytics for example) do not cause a privacy risk as third party cookies might do so. As such it is generally accepted that such cookies do not require a specific “Opt In” provision as long as there is an adequate “Opt Out” provision within the terms and conditions on the website. It is however generally recommended to include such cookies in an “Opt In” provision to strictly adhere to the regulations. Such first party analytic cookies must be used for first party aggregated statistical purposes only.
  1. Third Party Cookies – These cookies are installed by other sites and are much more intrusive and are essentially behavioral marketing cookies. They track information about what the user does on the internet and then will assess the website user’s preferences, interest and personal information which allows for effective marketing to that user. Article 29 Working Group is of the view that the usage of such cookies “raises important data protection and privacy related concerns” and further has noted that in order to allow the usage of such cookies a positive indication of consent is requiredTherefore the user must for example click on a button to allow the user to continue to use the website with full knowledge that third party analytic cookies are being used. As such the “Opt In” requirement is a necessity for all websites where such cookies are used. Such consent must also be revocable by the user at a later date.

Cookies - iCloud

What you need to do if you own a website in Ireland?

It appears therefore that the Data Protection Commission will be satisfied if the website contains a very obvious notice giving clear information to the website user which the user can then click through to make an informed consent. Examples of this can be seen on or Other examples of what is acceptable are splash screens, pop ups and banners across websites which are deemed to be an ‘opt in’ if the website user continues to use the website. For further information please visit the following link –
Download our Cookie rescue package! (includes pricing)

Ask us, we can help!

Contact me (Niall Geaney) if you would like me to review your cookie/privacy policy or terms and conditions for your site. I can also cover multiple countries if needed.


Guest Author: Niall Geaney

Solicitor (Patrick P. Geaney Solicitors, Dublin)
01 8531400

Co-Author: Clare Kelly

Account Manager (Gaumina Ireland)
01 5111262

Contact Clare Gaumina Account Manager if you need to implement a cookie notification on your site, or if would like to talk about your digital marketing plans or ideas for upcoming Digital projects.

Article References:

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
4 Important Digital Marketing Channels You Should Know About

4 Important Digital Marketing Channels You Should Know About

It goes without saying that a company can't do without digital marketing in today's world.

Digital Doughnut Contributor
Digital Doughnut Contributor 5 November 2014
Read more
Google Analytics in Only Three Numbers

Google Analytics in Only Three Numbers

Financial advisors and other professionals can decipher a lot of information from Google Analytics with three simple categories.

Marina Howell
Marina Howell 17 October 2016
Read more
How to Optimize Your Confirmation Email Design and Make It Bring You More Sales

How to Optimize Your Confirmation Email Design and Make It Bring You More Sales

Email marketing is not just about newsletters! Transactional and confirmation emails shouldn’t be neglected when it comes to design and content. An exceptional confirmation email can help you nail another purchase in minutes.

Roland Pokornyik
Roland Pokornyik 17 October 2016
Read more
Digital Marketing Vs. Traditional Marketing: Which One Is Better?

Digital Marketing Vs. Traditional Marketing: Which One Is Better?

What's the difference between digital marketing and traditional marketing, and why does it matter? The answers may surprise you.

Julie Cave
Julie Cave 14 July 2016
Read more
How to Solve the Two Biggest Challenges of Social Media Marketing

How to Solve the Two Biggest Challenges of Social Media Marketing

Most small businesses spend more than 6 hours per week on social media marketing and more than one-third post at least once per day. Along with finding the time, the other biggest challenge professionals face is finding the right content to post. If you’re experiencing these challenges, keep reading because we’re going to help you solve them.

Melissa Darcey
Melissa Darcey 20 October 2016
Read more