Dave McEvoy, director of Dmac Media, explains why many Irish businesses are failing when it comes to cookie compliance and how they can easily rectify this.

With just months to go before the Data Protection Commission (DPC) begins enforcing its guidance on web cookie compliance, Sligo web design business Dmac Media has warned Irish businesses that they may not yet be compliant with the DPC’s guidance.

Introduced in April 2020, the latest DPC guidance note on cookies and other tracking technologies gave Irish businesses six months to bring their sites in line with newly clarified advice on cookie management.

The DPC published the note after surveying 40 popular Irish websites last year and identifying concerns among 32 of the websites. Just two of the websites surveyed got a “green rating”, meaning that they were substantially compliant.

The director of Dmac Media, Dave McEvoy explained that since the General Data Protection Regulation (GDPR ) measures were introduced in 2018, most website owners are aware that their website needed a “cookie message” but the vast majority of these messages are not compliant with the law.

Cookies and GDPR

McEvoy said that the “vast majority” of cookie messages in Ireland are not compliant with the law, as they fail to disclose how cookies are used. He warned that from 6th October 2020, companies that have not brought their cookies in line with regulations could face financial penalties.

In the DPC’s guidance, it explains that cookies (which are small text files stored on devices such as PCs, mobile devices or IoT devices) serve a number of important functions, such as keeping track of items in an online shopping cart, or helping web pages to load faster.

The information stored in cookies can include personal data, such as an IP address, a username, a unique identifier or an email address, as well as non-personal data such as language settings or information about the type of device being used to browse a site.

McEvoy explained that cookies help websites to form a memory of a users’ computer activity. When a user chooses not to accept cookies, they may find that some features on certain websites are not available to them.

However, Dmac Media director warned that when users blindly click to accept cookies on every website they visit, they may be unwittingly agreeing to share information with a variety of advertising platforms.

“In short, cookies used for anything other than primary functionality have to have your permission to be placed on your device,” McEvoy said. “Yes, website owners tell their customers about these cookies, but they carried right on using the information incorrectly nonetheless. This goes against both the spirit and the letter of the regulations.”

How do you ensure your website is compliant?



McEvoy said that ensuring your website is compliant with new guidelines is as simple as updating the cookie message.

He said that websites should not set any cookies that require consent until after the user has expressed permission.

The website needs to allow the user to reject or accept the setting without promoting one option over the other and it must give the user the ability to manage their consent options.

He concluded: “The important thing for businesses is to note that they are not allowed to assume consent, nor are they allowed to sway the visitor to a yes rather than a no, when seeking permission.

“A simple permissions update will solve the issue but companies need to be aware that the deadline is looming.”