Alert
Alert
By
04.10.20
Businesses tracking website visitors and customers via cookies and other techniques are reminded that this is an area of increased scrutiny and many prior practices won’t be acceptable. Regulators have signalled changes need to be made to comply and they will increase enforcement.
Hot on the heels of the UK Information Commissioner’s Office and the French CNIL, the Irish Data Protection Commission (DPC) has issued new cookies and tracking Guidance and a Report. This followed an inspection and survey of the use of cookies and similar technologies across a selection of the most well-known websites operating in a range of sectors, including the media and publishing, retail, restaurant and food delivery, insurance, sport and leisure and public sectors. The DPC also included in its review a number of websites which had come to its attention following the receipt of complaints from individuals concerning cookie use, and from the DPC’s own observations of bad practice.
In short, the Guidance echoes that already issued by other EU DPAs, including:
The Report Findings
The Report summarizes the DPC’s main concerns regarding cookie use, including:
The DPC has expressed particular concern around the use of tracking, analytics and marketing cookies by health companies, and the sharing of sensitive health data by these companies with the likes of Facebook and Google for advertising purposes. In these cases, websites may be processing special category data and sharing it with third parties without a lawful basis, which is a breach of the GDPR.
Those operating websites should note that the goalposts have moved, and current practices need to be reviewed and likely changed to comply to avoid the new tougher enforcement focus and fines. This is also not just an EU issue; many U.S. businesses will be caught.