Back to all blog posts

Cookies with consent, not milk

Back in August 2019 the Data Protection Commission examined about 40 of the best known organizations’ websites across different industries. The purpose was to gauge compliance with current regulations regarding cookies and tracking technologies. A small group of organizations fared rather well but mostly the process identified the amount of work still left to be done.

Here are just a few issues that stood out glaringly to me:

  • Cookies are being negligently categorized either “Strictly Necessary” or “Necessary” without meeting the consent exemption criteria as follows “shall not prevent any technical storage of, or access to, information for the sole purpose of carrying out the transmission of a communication over an electronic communications network or which is strictly necessary in order to provide an information society service explicitly requested by the subscriber or user”(ePrivacy Directive Regulation 5(5)).
  • Cookies that cause the user to be broadly tracked are being set to activate once the user arrives at the website.
  • The good old prechecked opt-out box we have all gotten so used to is scheduled to be stopped immediately, depending on the regions you service. My suggestion is to get uncomfortable with it fast, as it will not be an option
  • Be aware what type of plug-ins are on your website. You would be surprised how many controllers were not aware of the social media cookies that were collecting, transferring and storing data from their websites. This is not one of those situations where ignorance is bliss, trust me.
  • Every time a user accesses a website they need to be presented with the option to give opt-in consent. This isn’t a one and done scenario.

This is not a comprehensive list but just a starting point of things to think about. 

The Privacy Ref Team is ready to assist you, contact us today.