Article

Digital Doughnut Contributor
Digital Doughnut Contributor 11 March 2013
Categories

Irish cookies law - what you need to do

How should you handle your website cookies in Ireland?

What are cookies?

Cookies are files that are stored on a user’s computer hard drive by a website which can then collect information about the user’s preferences and other information which a user will need when visiting a website, for example log in details, credit card details, locations, preferences and any personal details a user submits to the website for whatever reason. The information stored in a cookie relates to how the user browses the website and allows the website to remember that user and their preferences when they return to it at a later date. Importantly cookies are also used for marketing and advertising purposes as seen below.

What does Irish law say about cookies?

The applicable regulations governing the use of cookies are Regulation 5 of the Electronic Privacy Regulations 2011[i]. These regulations, together with the Data Protection Acts, govern how cookies can be used and how the website users must be informed of the usage of such cookies. These regulations state that users are to be provided with clear and comprehensive information which is:

  • Prominently displayed
  • Easily accessible
  • Provides details of the purpose for which the cookies are being used

The regulations also note that the methods of providing such information together with the giving of consent should be as user-friendly as possible. The regulations however do not go into detail as to specifically what types of cookies require different forms of consent by the user. For example again you will note with various websites the user must click on a tick-box which allows a user to proceed to use the website once that user has accepted the cookies policy. If this is not done certain functions of the website, usually those for which cookies are required, will not be accessible to that user. This is known as an ‘Opt In’ provision on the website and is in place to deal with what is known as the use of third party cookies.

Cookies - RTE

The longstanding issue in this jurisdiction is that up to recently it has been unclear from the Data Protection Commission as to how the consent requirement, as set out in Regulation 5, should be met. Regulations 5 simply states that the requirement for consent is to be met where “technologically possible” and via browser settings. The issue here however is that most browser settings are set at a default setting of allowing cookies unless the user specifically disables this feature. Furthermore up until recently, enforcement of Regulation 5 has been confined to larger organisations however it is now very clear that even the smallest of enterprises that maintain a website need to be aware of the regulations covering cookie usage and ensure that their website users are aware as to how their website uses cookies. The Article 29 Working Group has given their opinion[ii] on how websites should implement the regulations as follows:

  1. First Party Cookies – These are cookies installed by the site you are using, that are less intrusive in nature such as cookies which record information necessary to allow the user to actually use the features of the website. Some examples would be the details a user may enter to allow for a ‘shopping cart’ feature of a website to be utilised. Article 29 Working Group has suggested that an “Opt Out” may be sufficient for such cookies. They have also noted that consent to the usage of such cookies may be given by the website user agreeing to the website terms and conditions. Therefore no separate “Opt In” requirement would be necessary. In such situations however the websites terms and conditions should specifically state that there is an “Opt Out” for first party analytic cookies. Importantly such cookies should have a life span that is only as long as the information is required to use the service. For example a user entering credit card details for a purchase assumes that the information collected by that specific cookie will only be used for that specific transaction and dispensed with once the transaction is completed. The situation however with First Party Analytical cookies is less clear. Whilst such cookies, which for example tell the website owner where the website users are located (Google Analytics for example) do not cause a privacy risk as third party cookies might do so. As such it is generally accepted that such cookies do not require a specific “Opt In” provision as long as there is an adequate “Opt Out” provision within the terms and conditions on the website. It is however generally recommended to include such cookies in an “Opt In” provision to strictly adhere to the regulations. Such first party analytic cookies must be used for first party aggregated statistical purposes only.
  1. Third Party Cookies – These cookies are installed by other sites and are much more intrusive and are essentially behavioral marketing cookies. They track information about what the user does on the internet and then will assess the website user’s preferences, interest and personal information which allows for effective marketing to that user. Article 29 Working Group is of the view that the usage of such cookies “raises important data protection and privacy related concerns” and further has noted that in order to allow the usage of such cookies a positive indication of consent is requiredTherefore the user must for example click on a button to allow the user to continue to use the website with full knowledge that third party analytic cookies are being used. As such the “Opt In” requirement is a necessity for all websites where such cookies are used. Such consent must also be revocable by the user at a later date.

Cookies - iCloud

What you need to do if you own a website in Ireland?

It appears therefore that the Data Protection Commission will be satisfied if the website contains a very obvious notice giving clear information to the website user which the user can then click through to make an informed consent. Examples of this can be seen on www.rte.ie or www.bbc.co.uk Other examples of what is acceptable are splash screens, pop ups and banners across websites which are deemed to be an ‘opt in’ if the website user continues to use the website. For further information please visit the following link –http://www.dataprotection.ie/docs/PrivStatements/290.htm
Download our Cookie rescue package! (includes pricing)

Ask us, we can help!

Contact me (Niall Geaney) if you would like me to review your cookie/privacy policy or terms and conditions for your site. I can also cover multiple countries if needed.

irish-solicitors-patrick-geaney-logo

niall-geaney-solicitor-ireland
Guest Author: Niall Geaney
Solicitor (Patrick P. Geaney Solicitors, Dublin)
01 8531400

niall@geaneysolicitors.ie


Co-Author: Clare Kelly
Account Manager (Gaumina Ireland)
01 5111262

c.kelly@gaumina.ie

Contact Clare Gaumina Account Manager if you need to implement a cookie notification on your site, or if would like to talk about your digital marketing plans or ideas for upcoming Digital projects.

Article References:

0

Comments
Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
The Impact of New Technology on Marketing

The Impact of New Technology on Marketing

Technology has impacted every part of our lives. From household chores to business disciplines and etiquette, there's a gadget or app for it. Marketing has changed dramatically over the years, but what is the...

Alex Lysak
Alex Lysak 3 April 2024
Read more
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

A company website is crucial for any business's digital marketing strategy. To keep up with the changing trends and customer buying behaviors, it's important to review and make necessary changes regularly...

Digital Doughnut Contributor
Digital Doughnut Contributor 25 March 2024
Read more
7 Reasons Why Social Media Marketing is Important For Your Business

7 Reasons Why Social Media Marketing is Important For Your Business

In the past two decades social media has become a crucial tool for marketers, enabling businesses to connect with potential customers. If your business has yet to embrace social media and you want to know why it is...

Sharron Nelson
Sharron Nelson 29 February 2024
Read more
10 Factors that Influence Customer Buying Behaviour Online

10 Factors that Influence Customer Buying Behaviour Online

Now is an era where customers take the center stags influencing business strategies across industries. No business can afford to overlook factors that could either break the customer experience or even pose a risk of...

Edward Roesch
Edward Roesch 4 June 2018
Read more
What Marketing Content Do Different Age Groups like to Consume?

What Marketing Content Do Different Age Groups like to Consume?

Today marketers have a wide choice of different content types to create; from video to blogs, from memes to whitepapers. But which types of content are most suitable for different age groups?

Lisa Curry
Lisa Curry 21 October 2016
Read more