What are these changes and where did they come from? During the second half of 2019, the DPC undertook an investigation into cross-sector levels of cookie and other tracking technologies compliance on Irish websites and apps. They were shocked with their findings.
Why? Because roughly two thirds of publishers were incorrectly relying on ‘implied consent’ for the setting of non-essential Cookies. Moreover, the majority of websites made it deliberately difficult for users to withdraw or personalise their consent preferences. Finally, almost all websites set essential and even non-essential cookies immediately as the user landed on their website/app, without first collecting their consent.
The DPC does admit that “it is unlikely that first-party analytics cookies would be considered a priority for enforcement action”. However, does your website/app use third-party cookies? If it does, you’re going to be the DPC’s main target.
Worried about what this investigation means for your business? Carry on reading to find out how you can become compliant, or let Didomi ensure compliance for you, by scheduling a demo with a member of our team.
What are the most important changes?
The DPC states that cookie consent must conform to GDPR standards, namely that consent is “freely given, specific, informed and unambiguous indication”. But what does this really mean in practical terms?
Implied consent is unacceptable.
Pre-checked boxes and sliders set to “on” as default are unacceptable.
Cookie consent lifetime is 6 months
Finally, an important element to bear in mind is that the cookie consent lifetime is 6 months. This means that once you have collected consent from a user, you must re-collect it after 6 months. Again, this ensures that consent is freely given and informed, giving users more choice.
Examples of Cookie Consent Banners
As you can see here, the user has no choice but to accept the cookies. There isn't even an accept button, the "x" assumes consent. This does not conform to DPC or GDPR guidelines which state that consent must be freely given, specific, informed, unambiguous, as this does not constitute an unambiguous positive action.
As you can see here, the user has real choice. They are not “nudged” into accepting cookies, and are given the opportunity to consent on a granular basis. The Guidance says that if you use a button with an “accept” option then you must give equal prominence to a “reject” option, or to one which allows them to manage cookies and brings them to a second layer in order to do that by cookie type and purpose. This is exactly what the Didomi banner does.
How can Didomi help?
So, in summary, users must have real choice, must be aware of the purposes, and must be able to withdraw their consent as easily as they gave it.
Interested in more information on Irish consent regulation? Check out our blog post on the topic here.
Want to ensure compliance? Schedule a demo with Didomi today, in which we can investigate whether your website/app is currently compliant, and, if not, ensure compliance before the October 5th deadline.
Looking forward to hearing from you!