Cookies – something to enjoy with a cuppa or is there more we should know about them? If, like many business owners around the country, you are more inclined to leave the website cookie to the tech professionals, then you need to pay attention!
From Oct 6th the Data Protection Commission will be conducting desktop reviews of websites and those that are not in compliance with regulatory cookie requirements could face enforcement action.
It all stems from a court case in Germany in March 2019 whereby a company Planet 49 ran a promotional lottery on their website.
To enter the lottery, users were presented with two tick boxes. The first was unchecked and was necessary to receive third party advertising (users had to tick the box in order to enter the competition) and the second box was a pre-checked box which allowed Planet 49 to set cookies to track the users online behaviour.
The Federation of German Consumer Organisations objected to its use of these type consent boxes and sought an injunction.
Pre-ticked Checkboxes are Invalid
Following this ruling, the Data Protection Commission (DPC) carried out their own desktop sweep of websites throughout the country and rated their cookie compliance.
Out of 40 websites reviewed, none were found to be fully compliant. As a result of this review the DPC issued guidance based on their findings in March of this year and gave businesses 6 months to get their cookies in order.
That time is nearly upon us.
Data Protection Commission Checking Websites
From Oct 6th, the DPC will be checking websites and have advised that they will begin enforcement action for those that don’t comply.
In particular, they have indicated that the type of websites they will be targeting initially are those that the public are attracted to and are compelled to use, particularly where traffic is driven to use the website.
A team within the Special Investigations Unit is actively examining the practices of businesses across every sector on a daily basis and now a deeper technical examination is taking place in relation to tracking cookies.
Enforcement action can be time consuming and costly if it goes too far, with penalties of up to 2% turnover or €10million. The message is don’t be that cookie!
Margaret Julian is the founder/principal of GDPR Audits (www.gdpraudits). She also likes the cookies with a cuppa sort but will help with the website ones too. Get in touch by emailing firstname.lastname@example.org or phone 087-6897789.