Cookie Usage In Ireland
0 likes424 views
The document reports on a meeting regarding the EU Privacy Directive that became law in Ireland on July 1, 2011, focusing particularly on the usage of third-party cookies. It outlines the Data Protection Commissioner's (DPC) guidance for businesses to ensure compliance, recommending audits of cookie usage while clarifying that essential cookies do not require consent. The DPC emphasizes that the regulations apply even to entities without a physical presence in Ireland and expects the industry to provide realistic solutions for user privacy and tracking.
Cookie Usage In Ireland
- 1. Christchurch Dublin Contact Report Tel: +353 (0)1 415 0300 Client: IAB & DPC www.mindshareworld.com A GroupM Company Product: EU Privacy Directive Subject: Report No.: Meeting Date: 21 July 2011 Report Date: 22 July 2011 Minutes By: Ciaran Norris Representing: IAB & DPC: MindShare: Others: Distribution: Re: Action: On July 1 2011, the EU Privacy Directive became law in the Republic of Ireland. The Directive covers a number of areas, but of particular interest to many businesses is its relation to the use of 3rd party cookies. The Data Protection Commissioner has released guidance on how the directive will be translated and implemented. In order to build a deeper understanding of what the directive means, the IAB Ireland organised a meeting with the DPC to discuss a number of the issues arising. These notes should act as a guideline on how to ensure that your business does not fall foul of the act, but should not be considered as legal advice, and we would strongly recommend that any concerned businesses undertake audits of all 3rd party cookies that they may currently use, such as onsite analytics, or advertising tracking. The DPC is open to offering advice to businesses on particular solutions they feel might ensure that they are covered, but will not do so for anonymous submissions. The DPC are in a period of providing advice and guidance on the Regulations in this area at this point in time and plan to address any matters arising on a pragmatic basis. o There is not a ‘grace period’ as this would be Registered Office: 3 Christchurch Square, Dublin 8. No.307201. Part of WPP Worldwide
- 2. Page 2 Re: Action: impossible as the Directive is now law – but they are continuing to gather information. o The DPC is also listening to informed opinion, and thanked the IAB for their ongoing opinion and advice. Any complaints will be investigated, but in so far as possible within the law likely on a sectoral basis so as to avoid the possibility of unfairly impacting any specific company complained against in an industry sector if their practice is in line with that in a sector. As stated in the guidance, cookies used for essential user actions, such as filling online shopping baskets, do not require consent but should not last more than 1 session. The DPC is considering what the definition of a session is, as some users may leave computers on/browsers open constantly. There are no criminal sanctions relating to section 5.3 of the act (referring to cookies), but they will, if all other options are taken and fail to resolve a complaint, use their powers of enforcement. Regarding the use of cookies for ‘operational’ tools, such as on-site analytics, which are essential for many online businesses, but not for consumers, the DPC believes that a clear link from the homepage, with supporting information, to an opt-out page with details of what data is collected, why, and for how long, could be considered as advance consent but this would only apply to certain uses of cookies, and depends on the IAB/industry supplying more information on how these function, which we have promised to do. o This should not be taken as a final ruling, but simply as current opinion based on the information available to him, and the explanations provided in the meeting by the IAB members The regulations apply even if you have no physical presence in Ireland, and if your servers are located outside the Republic if the relevant establishment providing the service is not located elsewhere in the EU where the law of that EU MS would apply. They apply to entities with a legal, physical establishment in the country
- 3. Page 3 Re: Action: Regarding the use of other ‘operational’ cookies, such as those for the attribution of ad effectiveness, or frequency capping, he welcomed the IAB providing more information and said that would inform his opinion as to what might constitute advance consent On the issue of behavioral targeting, which was the main reason for the inclusion of cookies in the Directive, he feels that the education efforts of the industry, in the form of the OBA, are a step in the right direction, but will need more work The DPC believes that moves by browser manufacturers to improve the ability to easily change browser settings, will be part of a final solution for the use of cookies in targeted advertising. The DPC expects industry to come forward with realistic solutions that meet the law's objective of giving users real control over the extent to which their behaviour is tracked on the Internet These notes should act as guidance for clients concerned about the cookie regulations, but are not professional legal advice. Please feel free to contact us with any questions, or to get in touch with the DPC directly.