Ireland Update– Data Protection Commission Issues Guidance on Cookies

In April 2020 the Data Protection Commission (“DPC”) issued a guidance note on the use of cookies by data controllers (the “Guidance”). The Guidance is designed to address deficiencies identified by the DPC in its examination of the use of cookies and similar technologies by a selection of website operators from a range of different industry sectors, including some in the financial services sector.

The Guidance clarifies the law applicable to the use of cookies and similar technologies and, amongst other things, explains the requirements around consent including how it should be obtained in practice. The DPC states in the Guidance that it would allow a period of six months from its publication (i.e. 6 October 2020) for data controllers to bring their products, including websites and mobile apps, into compliance, after which enforcement action will commence. With this deadline fast approaching, data controllers should review their use of cookies and similar technologies now to ensure that they are in compliance with their legal obligations in advance of 6 October 2020.


Click to view advisory