Skip to main content

On-demand webinar coming soon...

Blog

DPC cookie guidance: your top 7 questions answered 

September 29, 2020

orange gradient

On April 6, 2020, the Irish Data Protection Commission (DPC) released a report explaining the findings following a cookie sweep of websites across a range of industries. With the release of this report came a list of guidance notes for companies to follow when using cookies and other tracking technologies. 

In this post, we’re going over the report findings and how they directly impact you and the way your business is currently tracking cookies. 

The cookie sweep 

Between August and December of 2019, the DPC ran what is known as a Cookie Sweep. It sent a questionnaire to 40 organizations in Ireland across a wide range of industries to examine how they’re currently using cookies and tracking technologies. 

The DPC’s goal? 

It was to examine how cookies and other tracking technologies are being used across organizations. In addition, the DPC wanted to determine whether organizations are maintaining compliance under current Irish cookie laws such as EU ePrivacy Directive and GDPR.

The cookie sweep findings 

The DPC emphasized this sweep wasn’t a direct shot at the ad tech industry. But the findings showed organizations are either confused about current legislation or are outright ignoring them. 

Key findings included: 

  • Almost all of the websites examined had cookies set immediately on their landing pages. In many cases, this meant unnecessary cookies. 
  • 26% of the organizations presented pre-checked boxes to signal consent for cookies.
  • 75% of the organizations stated they rely on a model of “implied consent” to set cookies based on the wording on their cookie banners (e.g. “by continuing to browse this website, you consent to the use of cookies”) or user controlling cookies set up on the browsing settings. 
  • Many respondents miscategorized cookies deployed on their websites as “necessary.” 
  • Many of the organizations had poorly designed cookie banners that offered no other choice but to accept cookies without any link to additional information about the cookie usage or privacy policy. 
  • Most of the organizations bundled consent (e.g. users were unable to pick and choose for which purposes cookies were being used.)
  • And lastly, most of the websites didn’t offer tools for users to withdraw cookie choices at a later stage.

40% of the organizations that responded to the questionnaire signaled they were aware they may not be complying with existing regulations or knew their website needed improvements in order to comply. 

New Cookie Guidance: Your Top 7 Questions Answered. 

Clearly, based on these results, something has to give. Companies are taking major risks ignoring compliance from existing EU privacy regulations. So without reading the entire cookie guidance page, what does your company need to know? 

Here are your top 7 questions answered. 

Q: What is a cookie? 

A: A cookie is a tool that can give organizations helpful insight into their users’ activity on their sites and help provide the best user experiences. Typically stored in text files, cookies are pieces of data. Websites placing these pieces of data on users’ computers to store a variety of information specific to the device they’re accessing the site from, such as the browser or mobile phone. Read up on everything you need to know about cookies here.

Q: What is considered a “non-necessary” cookie and can my organization deploy it? 

A: A non-necessary cookie includes:

  • Local storage objects or flash cookies 
  • Software development kits 
  • Pixel trackers 
  • Like buttons and other social sharing tools 
  • Fingerprint device technologies

These can’t be placed on your landing pages or site apps. 

Q: Do I need to collect user consent, and if so, what’s required to do so? 

A: Yes, you need to collect user consent. Using a cookie banner is acceptable provided that:

  • The cookie banner or popup explicitly outlines the organization is requesting consent for the user of cookies or similar technologies with the purposes also outlined. It must also allow the user to reject non-necessary cookies and similar technology or request more information about the cookie usage. Wording such as “by continuing to browse this site, you are consenting to the use of cookies” no longer flies.  
  • The cookie banner or popup provides both an accept and reject button or provides a second layer option in which the user can manage his or her cookie settings.  
  • The second layer of information must provide detailed information about the purpose of cookie collection and the third parties that will process any information collected when those cookies are deployed. The second layer must also provide users with the option to accept or reject cookies by type and purpose via checkboxes that aren’t pre-checked as if consent has already been given. 

Q: Do I need to provide users the ability to change their cookie preferences? 

A: Yes. You need to provide either a cookie button or radio button on your website that reveals sliders or on/off consent options.  

Q: How long does user consent last? 

A: Cookies should have a lifespan of six months. Similar to the CNIL in France, the DPC requires renewing user consent after 6 months of appropriation.

Q: Are all cookies judged equally under DPC?

A: No. Analytics cookies, targeting cookies, and marketing cookies require user consent and are prioritized under DPC. However, first-party analytics cookies are considered potentially low risk and are unlikely to have formal enforcement.  

Q: How should organizations handle third parties using cookies?

A: Organizations are responsible for examining the role of their third-party vendors using cookies on their website or app. Specifically, they must be aware of the possible joint data controller issues bubbling up from the use of third-party asses and plugins. Where required, businesses should put into place data processing agreements with their vendors which must reflect the actual facts regarding data processing.  

Conclusion: Cookie Compliance Is Required 

The DPC guidelines make it pretty clear that organizations are required to comply with the current cookie law regulations. It provided a six-month window before companies will face enforcement for noncompliance, giving organizations only a few more months to prepare. 

Luckily, compliance isn’t as hard as you might think thanks to tools such as OneTrust’s Cookies and Website scanning tools. Managing compliance and scanning, identifying, and sorting website behavior trackers (including cookies) has never been easier. Give it a try for free today. 


You may also like

Webinar

Consent & Preferences

3 predictions for the impacts of 3rd party cookie deprecation

Stay ahead of the curve! Gain insights into the impacts of third-party cookie deprecation & actionable strategies for marketing success. Register now!

March 26, 2024

Learn more

Webinar

Consent & Preferences

The unified consent strategy every marketer needs in 2024

Join us to master Unified Consent! Seamlessly integrate preferences across your tech stack, drive customer satisfaction, and boost revenue. Register today!

March 19, 2024

Learn more

Webinar

Cookie Consent

Elevate your data strategy: From cookies to universal consent & preferences

Transform your customer relationships. From cookie consent to holistic customer profiles, unlock universal preferences. 

February 22, 2024

Learn more

Report

Consent & Preferences

The state of data privacy and trust in marketing 2023

Navigate the intersection of data, privacy, & trust with OneTrust. Explore report insights on responsible data use, legal compliance, & building customer trust.

January 22, 2024

Learn more

Infographic

Consent & Preferences

Unify consented data across your tech stack

How does consented data help the rest of your tech stack level up? And what does this mean for your customers? Find out the answers and more with this infographic.

January 11, 2024

Learn more

Webinar

Consent & Preferences

Permission-based Personalization: The Power of a Centralized Record of Consent

Join us to explore the power of consent record centralization and its impact on elevating customer personalization while respecting privacy.

December 18, 2023

Learn more

Infographic

Consent & Preferences

The consent and preferences roadmap

How can your organization get started with consent and preferences? What are the first steps to take? Download our infographic to learn more.

December 11, 2023

Learn more

eBook

Consent & Preferences

The basics of consent and preferences

When it comes to consent and preferences, what are the basic points that your organization needs to keep in mind? Download the eBook to learn more.

December 11, 2023

Learn more

Webinar

Consent & Preferences

Compliant omni-channel automation: How to be a responsible marketer?

Join this webinar and learn how to create a compliant privacy-first marketing program that respects customer consent across multiple channels.

October 12, 2023

Learn more

Resource Kit

Consent & Preferences

AdTech and consent toolkit 2023

Master TCF 2.2 & Google CMP requirements with our AdTech and Consent Toolkit 2023. Stay compliant and succeed in the privacy-first advertising landscape.

October 10, 2023

Learn more

Infographic

Consent & Preferences

How OneTrust integrates with Snowflake

When it comes to personalized marketing campaigns, email lists, or any other activation, make sure you’re staying compliant with all applicable privacy regulations.

October 09, 2023

Learn more

Resource Kit

Consent & Preferences

The IAB TCF 2.2 mastery toolkit

Master IAB TCF 2.2: Gain insights, navigate changes, and empower your organization with our resource kit. Download now!

October 05, 2023

Learn more

Resource Kit

Consent & Preferences

The Google CMP requirements toolkit

Master Google's CMP Standards: Stay compliant and excel in the evolving ad landscape. Download our Google CMP Requirements Toolkit now!

September 27, 2023

Learn more

Webinar

Consent & Preferences

Adobe + OneTrust: How to market responsibly with consent-based experiences

Join Adobe and OneTrust as we discuss best practices for deploying consent-based marketing campaigns and privacy-first experiences.

August 29, 2023

Learn more

Webinar

Cookie Consent

Trust matters: Building consumer confidence in a cookieless world

Join us and learn how to build consumer trust and drive marketing ROI without relying on third-party cookies.

August 01, 2023

Learn more

Webinar

Consent & Preferences

Consent-based advertising: Connecting with customers in a privacy-centric world

Get the insights you need to launch privacy-first advertising campaigns and build strong customer relationships based on trust.

July 28, 2023

Learn more

Checklist

Consent & Preferences

The marketer's first-party data checklist

Download our in-depth first-party data checklist and begin building privacy-first marketing strategy that builds trust and keeps your organization compliant.

July 11, 2023

Learn more

Infographic

Consent & Preferences

Navigating Google's new CMP requirements

Adapt to Google's June 2023 CMP requirements with this infographic and confidently engage your audience while staying compliant.

June 20, 2023

Learn more

eBook

Consent & Preferences

The ultimate guide to consent and preferences for marketers

Download this eBook and learn how marketers can apply consent and preference principles to build a relationship with their audience built on trust.

June 02, 2023

Learn more

Video

Consent & Preferences

The strongest consumer relationships are built on first-party data, not third-party cookies

Request a OneTrust Consent & Preferences demo video and learn how to unlock the potential of first-party data and establish a relationship with your customers based on trust.

June 02, 2023

Learn more

Infographic

Cookie Consent

5 GDPR-compliant cookie banner guidelines from the EDPB

Download our infographic to learn more about how to operationalize the EDPB’s GDPR-compliant cookie guidelines and keep your organization compliant.

March 02, 2023

Learn more

eBook

Consent & Preferences

The ultimate guide to consent and preferences in the healthcare sector

Download the guide to learn more about how to use consent and preferences to elevate patient and customer experiences in the healthcare sector.

February 15, 2023

Learn more

eBook

Cookie Consent

Your Playbook for a Cookieless World eBook

Download this ebook to learn why third-party cookies are deprecating, what solutions are available, and how to put privacy and consumer trust first.

February 09, 2023

Learn more

Infographic

Cookie Consent

10 tips to master cookie consent

Download our infographic and learn how to create a Consent Management Platform that meets compliance requirements, maximizes opt-ins, and builds trust. 

September 12, 2022

Learn more

Webinar

Consent & Preferences

Fireside chat: A modern marketer’s approach to privacy & data

Learn the challenges and opportunities marketers face to deliver personalized experiences while remaining compliant with global privacy requirements.

September 08, 2022

Learn more

White Paper

Cookie Consent

Succeeding in a privacy-first world with Alex Cash

In this white paper, discover strategies for data collection to further business goals and how to prioritize data while ensuring the best customer experience.

August 03, 2022

Learn more

Infographic

Cookie Consent

The ultimate cookies handbook for privacy professionals eBook

Download this guide to learn available lawful bases for tracking technologies, the future of the ePrivacy Regulation, CCPA and CPRA requirements, and more!

August 01, 2022

Learn more

Webinar

Cookie Consent

Powering game-changing experiences Ahead of a cookieless world

Watch this webinar with mParticle and OneTrust to gain guidance for preparing for a cookieless world and opportunities to future-proof your database.

June 26, 2022

Learn more

Webinar

Consent & Preferences

How to drive enhanced marketing & CX campaigns through trusted data use

Join Oracle & OneTrust to learn how to drive enhanced, privacy-centric personalization in marketing & CX campaigns through trusted data use.

June 14, 2022

Learn more

Webinar

Consent & Preferences

Data distribution: Integrating consent & preferences into MarTech & business systems

Watch this webinar to learn how to boost your integrated marketing performance with consent & preferences in CRMs, CDPs & marketing automation systems.

April 29, 2022

Learn more

Webinar

Cookie Consent

How marketers can adapt to a post-cookie world with OneTrust's Alex Cash

Learn how marketers can get ahead of a post-cookie world from Alex Cash, Director of Strategy, OneTrust & ExchangeWire's CEO Ciaran O'Kane.

April 06, 2022

Learn more

Webinar

Consent & Preferences

Consent governance: moving from chaos to control via data intelligence

Learn how to set up a strong consent governance strategy to achieve privacy-first data capture, distribution and activation.

April 04, 2022

Learn more

Webinar

Cookie Consent

How to prepare for the crumble of third-party cookies

Learn everything you need to know to prepare for the deprecation of third-party cookies from eMarketer & OneTrust in this on-demand webinar.

March 30, 2022

Learn more

Webinar

Consent & Preferences

Web, mobile, ctv: enhancing consumer trust in the omni-channel world

Learn how to leverage consent and preference management and cement consumer trust in your data protection practices.

March 28, 2022

Learn more

Webinar

Consent & Preferences

OTT and CTV Liftoff: A deep dive into delivering personalized experiences to streamers

Learn how to incorporate consent and privacy strategies to deliver personalized experiences to streamers on OTT applications & CTV platforms.

March 06, 2022

Learn more

Webinar

Consent & Preferences

Prioritizing data transparency: A critical ingredient in trust, loyalty and ROI

Learn how can you prioritize data transparency and share openly with consumers in order to build trust, gain loyalty and improve ROI.

January 02, 2022

Learn more

Webinar

Cookie Consent

The crumble of third-party cookies: How to prepare in 2022

Learn how your organization can leverage smart preference management to overcome the deprecation of third-party cookies.

January 02, 2022

Learn more

Webinar

Consent & Preferences

Google consent mode & OneTrust CMP

Learn the benefits of using Google Consent Mode with the OneTrust CMP (Cookie Consent) to balance compliance and marketing objectives.

October 27, 2021

Learn more

Webinar

Consent & Preferences

Navigating a complex framework: IAB TCF 2.0 upgrade checklist

Watch this webinar where we cover the complexity the IAB TCF 2.0 framework and providing a checklist to help you navigate your migration.

July 21, 2021

Learn more

Webinar

Consent & Preferences

IAB TCF 2.0 deep dive: Overview, terminology, resources

Watch this webinar for a deep dive into the IAB TCF framework and what's new in the second version.. 

July 21, 2021

Learn more