Article

Categories

Irish cookies law - what you need to do

How should you handle your website cookies in Ireland?

What are cookies?

Cookies are files that are stored on a user’s computer hard drive by a website which can then collect information about the user’s preferences and other information which a user will need when visiting a website, for example log in details, credit card details, locations, preferences and any personal details a user submits to the website for whatever reason. The information stored in a cookie relates to how the user browses the website and allows the website to remember that user and their preferences when they return to it at a later date. Importantly cookies are also used for marketing and advertising purposes as seen below.


What does Irish law say about cookies?

The applicable regulations governing the use of cookies are Regulation 5 of the Electronic Privacy Regulations 2011[i]. These regulations, together with the Data Protection Acts, govern how cookies can be used and how the website users must be informed of the usage of such cookies. These regulations state that users are to be provided with clear and comprehensive information which is:

  • Prominently displayed
  • Easily accessible
  • Provides details of the purpose for which the cookies are being used

The regulations also note that the methods of providing such information together with the giving of consent should be as user-friendly as possible. The regulations however do not go into detail as to specifically what types of cookies require different forms of consent by the user. For example again you will note with various websites the user must click on a tick-box which allows a user to proceed to use the website once that user has accepted the cookies policy. If this is not done certain functions of the website, usually those for which cookies are required, will not be accessible to that user. This is known as an ‘Opt In’ provision on the website and is in place to deal with what is known as the use of third party cookies.

Cookies - RTE

The longstanding issue in this jurisdiction is that up to recently it has been unclear from the Data Protection Commission as to how the consent requirement, as set out in Regulation 5, should be met. Regulations 5 simply states that the requirement for consent is to be met where “technologically possible” and via browser settings. The issue here however is that most browser settings are set at a default setting of allowing cookies unless the user specifically disables this feature. Furthermore up until recently, enforcement of Regulation 5 has been confined to larger organisations however it is now very clear that even the smallest of enterprises that maintain a website need to be aware of the regulations covering cookie usage and ensure that their website users are aware as to how their website uses cookies. The Article 29 Working Group has given their opinion[ii] on how websites should implement the regulations as follows:

  1. First Party Cookies – These are cookies installed by the site you are using, that are less intrusive in nature such as cookies which record information necessary to allow the user to actually use the features of the website. Some examples would be the details a user may enter to allow for a ‘shopping cart’ feature of a website to be utilised. Article 29 Working Group has suggested that an “Opt Out” may be sufficient for such cookies. They have also noted that consent to the usage of such cookies may be given by the website user agreeing to the website terms and conditions. Therefore no separate “Opt In” requirement would be necessary. In such situations however the websites terms and conditions should specifically state that there is an “Opt Out” for first party analytic cookies. Importantly such cookies should have a life span that is only as long as the information is required to use the service. For example a user entering credit card details for a purchase assumes that the information collected by that specific cookie will only be used for that specific transaction and dispensed with once the transaction is completed. The situation however with First Party Analytical cookies is less clear. Whilst such cookies, which for example tell the website owner where the website users are located (Google Analytics for example) do not cause a privacy risk as third party cookies might do so. As such it is generally accepted that such cookies do not require a specific “Opt In” provision as long as there is an adequate “Opt Out” provision within the terms and conditions on the website. It is however generally recommended to include such cookies in an “Opt In” provision to strictly adhere to the regulations. Such first party analytic cookies must be used for first party aggregated statistical purposes only.
  1. Third Party Cookies – These cookies are installed by other sites and are much more intrusive and are essentially behavioral marketing cookies. They track information about what the user does on the internet and then will assess the website user’s preferences, interest and personal information which allows for effective marketing to that user. Article 29 Working Group is of the view that the usage of such cookies “raises important data protection and privacy related concerns” and further has noted that in order to allow the usage of such cookies a positive indication of consent is requiredTherefore the user must for example click on a button to allow the user to continue to use the website with full knowledge that third party analytic cookies are being used. As such the “Opt In” requirement is a necessity for all websites where such cookies are used. Such consent must also be revocable by the user at a later date.

Cookies - iCloud


What you need to do if you own a website in Ireland?

It appears therefore that the Data Protection Commission will be satisfied if the website contains a very obvious notice giving clear information to the website user which the user can then click through to make an informed consent. Examples of this can be seen on www.rte.ie or www.bbc.co.uk Other examples of what is acceptable are splash screens, pop ups and banners across websites which are deemed to be an ‘opt in’ if the website user continues to use the website. For further information please visit the following link –http://www.dataprotection.ie/docs/PrivStatements/290.htm
Download our Cookie rescue package! (includes pricing)

Ask us, we can help!

Contact me (Niall Geaney) if you would like me to review your cookie/privacy policy or terms and conditions for your site. I can also cover multiple countries if needed.

irish-solicitors-patrick-geaney-logo

niall-geaney-solicitor-ireland
Guest Author: Niall Geaney

Solicitor (Patrick P. Geaney Solicitors, Dublin)
01 8531400

niall@geaneysolicitors.ie


Co-Author: Clare Kelly

Account Manager (Gaumina Ireland)
01 5111262

c.kelly@gaumina.ie

Contact Clare Gaumina Account Manager if you need to implement a cookie notification on your site, or if would like to talk about your digital marketing plans or ideas for upcoming Digital projects.

Article References:

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
4 Important Digital Marketing Channels You Should Know About

4 Important Digital Marketing Channels You Should Know About

It goes without saying that a company can't do without digital marketing in today's world.

Digital Doughnut Contributor
Digital Doughnut Contributor 5 November 2014
Read more
Digital Marketing Vs. Traditional Marketing: Which One Is Better?

Digital Marketing Vs. Traditional Marketing: Which One Is Better?

What's the difference between digital marketing and traditional marketing, and why does it matter? The answers may surprise you.

Julie Cave
Julie Cave 14 July 2016
Read more
Life of a Twitter Influencer [Infographic]

Life of a Twitter Influencer [Infographic]

The following infographic Illustrates the life of a Twitter Influencer and includes everything from earnings, cheatsheets and social movements started on Twitter. While Twitter may not be the most popular social channel it is still one of the most powerful channels to spark online conversation. If you're a Twitter influencer, this infographic is the ultimate guideline to your future tweets.

Chiara Di Rago
Chiara Di Rago 30 November 2016
Read more
50 Chrome Extensions That Will Boost Your Productivity

50 Chrome Extensions That Will Boost Your Productivity

Today you can find Google Chrome extensions for almost anything that you can think about. In the sea of available extensions, it can be a hustle to choose which one are the best for your type of the business.

Aleksej Durdevic
Aleksej Durdevic 29 November 2016
Read more
Digital Marketing - The Wave of the Future

Digital Marketing - The Wave of the Future

With social media platforms like Facebook holding well over 1.6 billion users world-wide (and counting), these digital platforms have become the new marketplace. In order to properly promote business brands and products or services, an online company needs to employ the services of a specialist known as a digital marketer.

Mohammad Farooq
Mohammad Farooq 29 November 2016
Read more