The Irish Data Protection Commission (DPC) has recently published updated guidance on cookie law and privacy controls, which has implications for businesses operating in the EU and UK. In this article, we will provide an overview of the key points covered in the guidance and what steps businesses need to take to comply.
Implied Consent is Not Legal or Appropriate
According to the DPC’s latest guidance, businesses must obtain clear and explicit consent from users before using cookies on their website. Implied consent, where users are assumed to have consented by continuing to use the website, is not legal or appropriate.
Ensure Privacy-Friendly Options and Accessibility
In addition to obtaining clear consent, site owners must ensure that their website offers privacy-friendly options to users. The interface should be designed with accessibility in mind, including considerations for users with visual impairments or dyslexia.
Avoid Pre-Checked Boxes and Cookie Walls
Websites should not use pre-checked boxes to obtain consent, as this is illegal. Similarly, cookie walls that require users to consent to cookies in order to access the website are also not permitted, unless specific functionality of the website may be impacted by refusal.
Sensitive Data and Accountability
The guidance highlights the Commissioner’s concern over the unlawful sharing of special categories of data, such as health data, for financial or marketing purposes. Processing of precise location data requires clear and explicit consent, and businesses must conduct a Data Protection Impact Assessment (DPIA) if they systematically monitor and track user location or behavior for profiling purposes.
Complying with the Guidance
All businesses operating in the EU and UK have an eight-week period to switch to using a compliant cookie consent management solution. Seers’ market-leading cookie consent management solution helps organizations protect and comply with regulations, and takes less than a few minutes to implement.
The DPC’s updated guidance on cookie law and privacy controls emphasizes the importance of obtaining clear and explicit consent from users, offering privacy-friendly options and accessibility, and complying with transparency obligations. Businesses must also avoid using pre-checked boxes and cookie walls and be accountable for sensitive data. By implementing a compliant cookie consent management solution, businesses can protect themselves from legal threats, compliance concerns, and litigation risks.
DELTA Data Protection & Compliance, Inc. Academy & Consulting – The DELTA NEWS – Visit: delta-compliance.com
Author: Shernaz Jaehnel, Attorney at Law, CDPO/CIPP/CIPM, Compliance, ESG & Risk Manager