Cookie Consent Update 2020
Following the Irish Data Protection Commission’s (DPC), summarised report that was published on the 6th of April, 2020, we also wanted to inform our customers and web users that the EU Cookie Directive is now in effect since September 6th, 2020.
What you need to know
- The standard consent required by the GDPR is even higher now. This means that the consent must be clear, freely given, specific, and unambiguous.
- No non-essential cookies/technologies are not set on landing pages of your site or app.
- Obtaining a user’s consent via the use of a cookie pop-up or banner is acceptable on condition that:
- The cookie pop-up is designed in a neutral way. If there is an“accept” and “reject” button, they must be of equal prominence, and if there is an option which brings users to the second layer of information, it should allow them to manage their cookie settings.
- The second layer of information must provide more detailed information about the types and purposes of cookies or other technologies being set, and the third parties who will process information collected when those cookies and similar technologies are deployed. It also must provide users with options to accept or reject such cookies or similar technologies by cookie type and purpose. For example, checkboxes must not be pre-checked or sliders set to “on” by default. Checkboxes or sliders should be clearly marked as “on” or “off”, so users do not have to guess at their functionality.
- Users must be able to change their cookie preferences at any time.
- A cookie's lifespan of storing records must not exceed the timeframe of 6 months. A new consent must be obtained after that period.
- Any record of consent must be backed up by demonstrable organisational and technical measures that ensure a user’s expression of consent can be effectively acted on.
- Analytics, targeting, and marketing cookies require a user’s prior consent. That excludes first-party analytics cookies that are considered potentially low-risk.
What you need to do
Now that you know more about what the new EU Cookie Directive means according to the DPC's report, there are a number of actions you can take to prevent any potential compliance issues.
- You must review your privacy policies and cookie compliance to ensure that they are following the EU’s Cookie Directive.
- You must remove any cookies that are not in compliance.
- You should categorise your cookies in a clear, informative, and organised manner. See Aphix's cookie consent pop-up below.
If you are still not confident as to what you need to do or don’t have the time to do it, you can always hire a marketing agency like MOR Digital to implement these changes for you before it’s too late.
Whether we talk about website security, eCommerce security, or any type of security for that matter, It is clear that security is of utmost importance and everyone should follow best practices and be compliant with that category’s rules and regulations.
There was a six-month window for everyone who owns a website that uses any type of cookies to get in compliance with the DPC’s new cookie guidelines.
Irish organisations who failed to do so within the specified timeframe may face the consequences and the DPC may take action against them.