It’s time to get your cookies in order


Cookies – something to enjoy with a cuppa or is there more we should know about them? If, like many business owners around the country, you are more inclined to leave the website cookie to the tech professionals, then you need to pay attention!
From Oct 6th the Data Protection Commission will be conducting desktop reviews of websites and those that are not in compliance with regulatory cookie requirements could face enforcement action.

The Background

It all stems from a court case in Germany in March 2019 whereby a company Planet 49 ran a promotional lottery on their website.
To enter the lottery, users were presented with two tick boxes. The first was unchecked and was necessary to receive third party advertising (users had to tick the box in order to enter the competition) and the second box was a pre-checked box which allowed Planet 49 to set cookies to track the users online behaviour.

The Federation of German Consumer Organisations objected to its use of these type consent boxes and sought an injunction.

Pre-ticked Checkboxes are Invalid

Fast forward to Oct 2019 and the Court of Justice of the European Union makes a ruling that Pre-ticked checkboxes are invalid and do not constitute valid consent for the use of cookies or similar technologies. This includes “assuming” consent by scrolling.
Following this ruling, the Data Protection Commission (DPC) carried out their own desktop sweep of websites throughout the country and rated their cookie compliance.

Out of 40 websites reviewed, none were found to be fully compliant. As a result of this review the DPC issued guidance based on their findings in March of this year and gave businesses 6 months to get their cookies in order.

That time is nearly upon us.

Data Protection Commission Checking Websites

From Oct 6th, the DPC will be checking websites and have advised that they will begin enforcement action for those that don’t comply.
In particular, they have indicated that the type of websites they will be targeting initially are those that the public are attracted to and are compelled to use, particularly where traffic is driven to use the website.

A team within the Special Investigations Unit is actively examining the practices of businesses across every sector on a daily basis and now a deeper technical examination is taking place in relation to tracking cookies.

Enforcement action can be time consuming and costly if it goes too far, with penalties of up to 2% turnover or €10million. The message is don’t be that cookie!

Margaret Julian is the founder/principal of GDPR Audits (www.gdpraudits). She also likes the cookies with a cuppa sort but will help with the website ones too. Get in touch by emailing or phone 087-6897789.

Subscribe to our Newsletter

Stay up-to-date with the latest in GDPR regulations news, best practices and more.

Share this post with your network

Free Download:
GDPR Compliance Checklist

Our free comprehensive checklist covers everything from auditing and inventory to implementation and ongoing compliance.