Irish online businesses may face substantial fines for non-compliance with GDPR
In April this year, the Irish Data Protection Commission released updated guidance on cookie compliance for Irish websites. Dave McEvoy of Sligo based digital company, Dmac Media, is warning businesses that they may not be compliant and time is running out.
Irish businesses were given six months to bring their sites in line with this newly clarified advice on cookie management. From October 6th, 2020 Irish businesses could face financial penalties under the GDPR legislation for non-compliance.
A cookie is a small text file on a device used to store information. By placing a cookie on a site it allows the website to have a memory of the users’ computer activity. If a user clicks not to accept cookies some features of the website may not be available to them. However, when they click to accept they may unwittingly be agreeing to share their information with a plethora of advertising platforms.
Since GDPR measures were introduced in 2018, most website owners are aware that their website needed a “Cookie Message” but the vast majority of these messages are not compliant with the law. Where the majority of Irish companies fall down is in disclosing the way the cookies are used. For example: most people do not specifically agree to share their information to be used by advertising platforms yet remarketing campaigns follow them from site to site online.
Dave McEvoy, Director of Dmac Media said,
“In short Cookies used for anything other than primary functionality have to have your permission to be placed on your device. Yes, website owners tell their customers about cookies, but they carried right on using the information incorrectly nonetheless. This goes against both the spirit and the letter of the regulations.”
To become compliant a business needs to do a simple update to its online cookie message. Websites should not set any cookies that require consent until after the user has expressed permission. The website needs to allow the user to reject or accept the setting without promoting one option over the other and it must give the user the abiltiy to manage their consent options. Website owners need to ensure that only those that have given consent are included in future marketing campaigns.
Dave goes on to say,
“The important thing for businesses to note is that they are not allowed to assume consent, nor are they allowed to sway the visitor to a yes rather than a no, when seeking permission. A simple permissions update will solve the issue but companies need to be aware that the deadline is looming.”
With the deadline for compliance approaching on October 6th, Dmac Media are strongly advising Irish companies to check that their cookie management is up to date or potentially face hefty fines. For more information see www.dmacmedia.ie
ENDS