Schedule a demo
back button

Back

Are your websites and apps compliant? A look at Irish cookie consent regulation

July 1, 2020byYannig Roth

Last April, the Irish Data Protection Commission (DPC) published updated guidance on cookies and other tracking technologies. The “Guidance” was issued with a report based on a cookie audit of 38 companies, and the results of the audit were not good. The survey found that 35 of the 38 companies were not in compliance on the transparency and consent front. The Commissioner concluded that such low levels of compliance mean that ordinary individuals are unaware of the extent to which their activities are tracked online. 

The Guidance reminds us that consent to cookies under Article 5(3) of the ePrivacy Directive must meet the standard of consent under GDPR. Many of the requirements of the Guidelines stem from this change in the consent standard, which is largely in line with the guidelines of other Data Protection Authorities (DPAs) in Europe. So what are the DPC recommendations about cookie consent guidance in Ireland, and how to make sure you are compliant?

The role of a consent Management Platform (CMP) such as Didomi is to ensure compliance at all times, and to provide you with customised support in order to retain your users and strengthen your relationship with them. Here’s what you need to know about cookies, legal recommendations, and the role of CMPs.

What are cookies, and when is user consent needed?

A cookie is a text file in which you can store information such as IDs and passwords, navigation history, or card numbers for payments. There are two types of cookies, first-party cookies set by the host domain, and third-party cookies set by other domains and partners. And there are three main categories of cookies: analytics, content personalisation, targeted advertisements.

The DPC stresses that consent must be collected before any information is collected – cookies or other tracking technologies such as pixel trackers, fingerprints, SDKs, Local Storage Objects, “Like” buttons and other social sharing tools. In fact, consent must be collected for any storage of information on a user’s device or equipment. The only exceptions are communication cookies and strictly necessary cookies. 

So what is ‘consent’ you may ask? According to the GDPR, “‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. In addition, “it shall be as easy to withdraw as to give consent” (Art.7.3).

In the light of these recommendations, browsers are becoming increasingly restrictive. Between July 2019 and January 2020, Firefox announced the “Enhanced Tracking Protection” by default, Apple announced the ITP2.2 Safari version, and Chrome announced cookie and tracking technologies restrictions, promising no more third-party cookies in Chrome by 2022. In this context, it is imperative for all programmatic advertisers to update and comply. 

The Irish DPC’s main guidelines for cookie compliance

  • Explicit consent is required: it is no longer possible to rely on implied consent (which is what two thirds of the audited companies did). 
  • No nudging: the ‘Accept Cookies’ button in the cookie banner should not be emphasised over the option to ‘Manage Cookies’ or ‘Reject All’ buttons. 
  • Clear choice of settings: banners must allow users to reject non-necessary cookies and similar technologies, to change their cookie preferences at any time, and to withdraw consent as easily as they gave it. 
  • Retention: consent cookies should have a lifespan of 6 months maximum, with an expiry date of a cookie that should be proportionate to its purpose.
  • Third party cookies examination: it is the responsibility of each organisation to monitor third parties using cookies on their website or application.
  • Transparency obligations: users must be provided with clear and comprehensive information about the use of cookies (readable banners, listing all third parties, granularity in the explanation of the purposes).

How can Didomi help Irish brands and publishers?

Publishers may worry that compliance will lead to a loss of revenue, and both publishers and brands will be fearful of a drastic drop in consent. Indeed, there will probably be repercussions on consent rates (small or considerable, depending on your partners and the measures you put in place). All parties will be impacted, and everyone must prepare for a certain amount of change.

But, don’t worry: this is why Didomi is here to help you. Through the use of specific tools such as A/B testing and bespoke CMPs, Didomi will make sure you know exactly what’s happening on your website, allowing you to optimise on consent collection and build trust with your consumers. 

A/B testing or finding the best “look and feel” for your banner to connect with your customers will be essential. But there will be one fundamental change that is positive, namely that giving more choice, control and freedom to users is a great opportunity for you to build brand confidence. By building better communication channels, you build trust, and that may be used to your advantage, for the benefit of all parties. 

The best way to be compliant and make the most out of GDPR and PECR regulations, is to implement a CMP which is both compliant and performant, such as Didomi’s. It will provide you with the right legal and technological tools, and become the first point of contact with your customers.  

At Didomi, we begin by performing an audit of your website, including an analysis of application and website compliance, partner detection, identification of the cookies they drop and their lifespan. The goal is to give you an accurate picture of what is happening on your website or application, and often our customers are surprised at what they discover (especially because of all the activity around third-party cookies). 

Didomi’s Console allows you to get a “Compliance Score” based on your website’s cookie usage

The next step is to customise your CMP by choosing the right message and consent notice format to ensure that the UI/UX are aligned with your brand image (colours, font, language, etc.). Then the CMP is deployed and integrated with existing solutions within your tech stack (integration of the SDK into mobile web & apps; integration with your Tag management solutions; blocking of ad hoc cookies and specific tags, except for TMS and TCF). Finally, we follow-up and optimise by performing regular audits to monitor cookie lifetime and new partners, closely following consent rates and performing A/B tests to improve opt-in rates. 

Cookie consent is now a key indicator for companies. With a CMP, consent becomes an indication of user confidence in your business, which in turn leads to revenue. So put all the odds in your favour and choose Didomi!

Related articles

July 20, 2020byYannig Roth

What are the requirements of a TCF v2 compliant consent notice?

On a website or in a mobile app, the notice is the first and main consent UI that users interact with. That’s where most users get informed on purposes and vendors that consent is collected for, and how users will make a choice to give or deny consent. As a result, the content of a consent…

Read more

CMP

Consent

GDPR

TCF v2

July 1, 2020byYannig Roth

Are your websites and apps compliant? A look at UK cookie consent regulation

In July 2019, the Information Commissioner’s Office (ICO) published new guidance on the use of cookies to provide more clarity and certainty about how you can use cookies in your online service. As the Information Commissioner said, “the public has woken up to the potential of their personal data”, adding that “the ICO has covered an…

Read more

CMP

Cookies

GDPR

November 22, 2018byJawad Stouli

What CMPs can learn from the French data protection authority

On 30 October 2018, the French Data Protection Authority (the “CNIL”) issued a warning against a small company called Vectaury in relation to how this Ad Tech actor was collecting consent for geolocation-based advertising campaigns. On 8 November 2018, it decided to make this decision public notably because it is necessary to “raise awareness among…

Read more

CMP

CNIL

Consent

Cookies

France

GDPR

IAB

Sanction

Vectaury

Warning

April 16, 2020byRomain Gauthier

My take on the CNIL’s new guidelines on cookies: 4 key ideas to remember

The new CNIL (France’s privacy watchdog) guidelines released in the summer of 2019 have turned the advertising industry upside down and are prompting us to rethink how we monetize information and innovate in programmatic. On June 28th, the CNIL (which means National Commission for Information Technology and Civil Liberties) published its action plan on advertising targeting, one…

Read more

CMP

Consent

Cookies

May 25, 2018byJawad Stouli

A potential future for the Ad Tech industry: consent without tracking walls

Publishers and actors of the Ad Tech sector targeting the EU currently face one of the biggest challenges they have ever encountered, one that may require them to change profoundly their model. Namely? Unambiguous positive consent. Some background Publishers (both online and offline) have traditionally been able to provide their readers with free contents by…

Read more

Ad Tech

Consent

ePrivacy

GDPR

Publishers