Earlier this month, the Irish Data Protection Commission (DPC) published a new guidance note on the use of cookies and tracking technologies, as well as a report summarizing the DPC’s findings following a “cookie sweep” of select websites across a range of sectors.

The “Cookie Sweep”

Between August and December 2019, the DPC requested information from certain popular websites in Ireland to examine the use and deployment of cookies and tracking technologies on their website.

The DPC’s goal was to establish how and whether organizations are complying with the current Irish cookie law rules, and whether users’ consent for non-necessary cookies or tracking technologies is being obtained as required under the General Data Protection Regulation (GDPR).

The DPC will allow a six-month period from the date of the publication of the Guidance to bring websites and mobile apps into compliance before enforcement begins.

Sign up for the webinar: What DPC’s Cookie Guidance means for Global Businesses

Main Findings from the Report 

Key findings of the cookie sweep include:

According to the report, more than half of the organizations signaled either that they were aware they may not be compliant with the existing rules, or that they had identified improvements that they could make to their websites in order to demonstrate compliance.

Moving Forward with the DPC’s Guidance

There are similarities between the Guidance and other guidance produced by EU data protection authorities and, specifically, the guidance produced last summer by the UK Information Commissioner’s Office (ICO). However, there are certain areas where the DPC is taking quite a unique stance.

Key takeaways from the DPC’s new cookie guidance include:

Organizations have a six-month window to get in compliance with the DPC’s new cookie guidance; after that period, the DPC may take action to enforce the guidance. To learn more, sign up for the webinar.