What? Even more work needed to make our website GDPR and ePrivacy-compliant?
We designed and launched our new website since GDPR came live – do we really need to implement more changes?
Since April of this year, we have had colourful debates with website owners who have approached us about the ePrivacy Directive.
We even assigned a "code-red cookie team" to support clients to understand and comply with the new Cookie Consent guidance, in what we internally called "Project Biscuit". We issued Step-by-Step Guidelines, we even answered many of the debated questions in a previous blog post.
However, there is one question that we are still asked: what has actually changed since GDPR?
The original law on cookies has not changed. What has changed, under GDPR, is the definition of consent to process personal data. The new definition of consent is: “it must be freely given, specific, informed and unambiguous, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
As a result the revised cookie law (ePrivacy directive) states that the user must:
- Be provided with clear and comprehensive information
- Have the information prominently displayed and easily accessible
- Understand the purpose of what you are using the information for
- Have the right to withdraw their consent at any time
The Irish Data Protection Commissioner (DPC) took a stance and re-looked at the current (original) ePrivacy directive in relation to cookies and interpreted the law in light of the new GDPR definition of consent – leaving the adtech world to lobby Europe – before ePrivacy Regulation can be passed.
To this end in April of this year the DPC issued "updated or clarified" guidance as to how they would be looking at cookies on websites and telling every business in Ireland that they had 6 months to heed the "updated guidance".
Our Data Protection Officer reviewed and summarised these updates and so commenced the cookie debate... and code red team/Project Biscuit!
We will continue beyond 6th October (DPC deadline date) to support website owners to comply with the refreshed law.
If you want to set the wheels in motion to update your cookie consent contact us today.
Maeve Dunne Data Protection Officer
Integrating Privacy into your business & marketing strategy, builds trust and loyalty for your brand. Maeve takes a common-sense approach to data protection regulation and provides clients with independent data protection officer support.