Irish cookies law - what you need to do

How should you handle your website cookies in Ireland?

What are cookies?

Cookies are files that are stored on a user’s computer hard drive by a website which can then collect information about the user’s preferences and other information which a user will need when visiting a website, for example log in details, credit card details, locations, preferences and any personal details a user submits to the website for whatever reason. The information stored in a cookie relates to how the user browses the website and allows the website to remember that user and their preferences when they return to it at a later date. Importantly cookies are also used for marketing and advertising purposes as seen below.

What does Irish law say about cookies?

The applicable regulations governing the use of cookies are Regulation 5 of the Electronic Privacy Regulations 2011[i]. These regulations, together with the Data Protection Acts, govern how cookies can be used and how the website users must be informed of the usage of such cookies. These regulations state that users are to be provided with clear and comprehensive information which is:

  • Prominently displayed
  • Easily accessible
  • Provides details of the purpose for which the cookies are being used

The regulations also note that the methods of providing such information together with the giving of consent should be as user-friendly as possible. The regulations however do not go into detail as to specifically what types of cookies require different forms of consent by the user. For example again you will note with various websites the user must click on a tick-box which allows a user to proceed to use the website once that user has accepted the cookies policy. If this is not done certain functions of the website, usually those for which cookies are required, will not be accessible to that user. This is known as an ‘Opt In’ provision on the website and is in place to deal with what is known as the use of third party cookies.

Cookies - RTE

The longstanding issue in this jurisdiction is that up to recently it has been unclear from the Data Protection Commission as to how the consent requirement, as set out in Regulation 5, should be met. Regulations 5 simply states that the requirement for consent is to be met where “technologically possible” and via browser settings. The issue here however is that most browser settings are set at a default setting of allowing cookies unless the user specifically disables this feature. Furthermore up until recently, enforcement of Regulation 5 has been confined to larger organisations however it is now very clear that even the smallest of enterprises that maintain a website need to be aware of the regulations covering cookie usage and ensure that their website users are aware as to how their website uses cookies. The Article 29 Working Group has given their opinion[ii] on how websites should implement the regulations as follows:

  1. First Party Cookies – These are cookies installed by the site you are using, that are less intrusive in nature such as cookies which record information necessary to allow the user to actually use the features of the website. Some examples would be the details a user may enter to allow for a ‘shopping cart’ feature of a website to be utilised. Article 29 Working Group has suggested that an “Opt Out” may be sufficient for such cookies. They have also noted that consent to the usage of such cookies may be given by the website user agreeing to the website terms and conditions. Therefore no separate “Opt In” requirement would be necessary. In such situations however the websites terms and conditions should specifically state that there is an “Opt Out” for first party analytic cookies. Importantly such cookies should have a life span that is only as long as the information is required to use the service. For example a user entering credit card details for a purchase assumes that the information collected by that specific cookie will only be used for that specific transaction and dispensed with once the transaction is completed. The situation however with First Party Analytical cookies is less clear. Whilst such cookies, which for example tell the website owner where the website users are located (Google Analytics for example) do not cause a privacy risk as third party cookies might do so. As such it is generally accepted that such cookies do not require a specific “Opt In” provision as long as there is an adequate “Opt Out” provision within the terms and conditions on the website. It is however generally recommended to include such cookies in an “Opt In” provision to strictly adhere to the regulations. Such first party analytic cookies must be used for first party aggregated statistical purposes only.
  1. Third Party Cookies – These cookies are installed by other sites and are much more intrusive and are essentially behavioral marketing cookies. They track information about what the user does on the internet and then will assess the website user’s preferences, interest and personal information which allows for effective marketing to that user. Article 29 Working Group is of the view that the usage of such cookies “raises important data protection and privacy related concerns” and further has noted that in order to allow the usage of such cookies a positive indication of consent is requiredTherefore the user must for example click on a button to allow the user to continue to use the website with full knowledge that third party analytic cookies are being used. As such the “Opt In” requirement is a necessity for all websites where such cookies are used. Such consent must also be revocable by the user at a later date.

Cookies - iCloud

What you need to do if you own a website in Ireland?

It appears therefore that the Data Protection Commission will be satisfied if the website contains a very obvious notice giving clear information to the website user which the user can then click through to make an informed consent. Examples of this can be seen on or Other examples of what is acceptable are splash screens, pop ups and banners across websites which are deemed to be an ‘opt in’ if the website user continues to use the website. For further information please visit the following link –
Download our Cookie rescue package! (includes pricing)

Ask us, we can help!

Contact me (Niall Geaney) if you would like me to review your cookie/privacy policy or terms and conditions for your site. I can also cover multiple countries if needed.


Guest Author: Niall Geaney

Solicitor (Patrick P. Geaney Solicitors, Dublin)
01 8531400

Co-Author: Clare Kelly

Account Manager (Gaumina Ireland)
01 5111262

Contact Clare Gaumina Account Manager if you need to implement a cookie notification on your site, or if would like to talk about your digital marketing plans or ideas for upcoming Digital projects.

Article References:

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
Is Email Dead, Or Are We Just Bored With It?

Is Email Dead, Or Are We Just Bored With It?

In today's digital era dominated by social media, instant messaging, and collaboration tools, one question looms large: Does email still have a role to play? Some argue that it's on life support, while others...

Julia Herd
Julia Herd 22 November 2023
Read more
The Innovative Digital Marketing Strategies Leveraging AI

The Innovative Digital Marketing Strategies Leveraging AI

This article will assist digital marketers in grasping the advantages and disadvantages of employing artificial intelligence in their online marketing tactics. You will learn about the effects of AI on online...

joseph chain
joseph chain 17 October 2023
Read more
Marketing Emails vs Newsletters: What’s the Difference?

Marketing Emails vs Newsletters: What’s the Difference?

If anyone can clarify the difference between marketing emails and newsletters, it’s Alexander Melone, co-founder of San Francisco-based email marketing agency CodeCrew. But, as we’re about to find out, the distinction...

Alex Melone
Alex Melone 14 November 2023
Read more
Best Practices for Effective Dashboard Design

Best Practices for Effective Dashboard Design

In the age of data-driven operations, dashboards have emerged as an essential tool for businesses. They serve as a gateway to data, enabling users to monitor, analyze, and visually represent vital performance...

Ravi Shukla
Ravi Shukla 17 November 2023
Read more
Customer-Centric Marketing: The Heartbeat of Modern UK Retail

Customer-Centric Marketing: The Heartbeat of Modern UK Retail

The UK retail scene, with its diverse offerings from luxe brands to quaint local stores, is witnessing a paradigm shift: The rise of customer-centric marketing. This isn’t just about selling; it’s about understanding,...

Andrew Addison
Andrew Addison 21 November 2023
Read more