COOKIES REFRESHER - what’s new?
Most people have heard about “cookies” and that they are used by websites to collect and store information.
Most businesses will also have heard of the EU’s Privacy and Electronic Communications Directive (the e-privacy Directive) and that they need to comply with this when promoting their goods and services within the EU.
You would think that it would be safe to assume there is a high level of compliance with the e-privacy rules given that nearly every website has a cookie pop-up or banner when you first click on a website.
Well, this is not quite the case according to a report prepared by the Irish Data Protection Commission (IDPC) updated on 6 April 2020.
That report shared findings of its “cookie sweep”, which surveyed selected Irish organisations regarding the use of cookies on their websites. The IDPC found that almost all of the participants’ sites had compliance issues, ranging from minor to serious. The IDPC commented that even household names had been guilty of some obvious infringements, which included:
using pre-checked boxes opting a user into analytics and marketing cookies by default;
relying on implied consent to allow cookies (i.e. “By continuing to use this website”).
The IDPC has also issued new guidance on the use of cookies and other tracking technologies. Whilst the Information Commissioner’s Office (ICO) has issued its own guidance, as have other data protection authorities within the EU, the IDPC Guidance is important to note and should be taken into account by organisations with websites that promote goods and services across the EU, including Ireland.
Some top compliance tips from the IDPC Guidance:
DON’Ts
NO PRE-CHECKED BOXES – or sliders or other tools set to ON by default to signal consent
NO ASSUMPTIONS – Obtaining consent by implication is not permitted (e.g. “by continuing to use our website”)
NO NUDGING – Cookie banners should not provide just one option such as “Got it” or “I Accept”. An alternative must be given equal prominence on the banner to either reject all or provide a layer to find out more information about use of cookies.
NO BUNDLING – A user should be able to consent to one use and not the other. Consent should not be a condition of use of the website or service.
DOs
REFRESH CONSENT – It is wise to reaffirm user consent after 6 months* (*No specific period is given by the ICO, and this period is mentioned by the IDPC as a guide only)
CHECK FOR OTHER WIDGETS – Consider third parties’ use of plug-ins such as Like buttons, as they will be covered by the e-privacy laws
CHECK LIFESPAN – Cookies should only last for as long as is necessary for functionality. It will not be necessary for example for a session cookie to last indefinitely.
DESIGN FAIRLY – Consider the colour scheme for banners or sliders to ensure that these and any checkboxes do not blend into the website or make it difficult for people with vision user with the banner or with information about cookies, are not compliant with the law. You cannot assume that a user who merely scrolls a page or clicks an element on the page has seen and read the information in a cookie banner, unless you can demonstrate clearly that they have engaged with the information and given their unambiguous consent to the setting of cookies and the purposes of the processing.
For more information, get in touch with one of the forburyTECH team.