Irish Law and Session CookiesBy: Richard Beaumont | Wednesday, July 6, 2011 | Tagged: Session Cookies | Leave Comment
This week the Republic of Ireland’s Data Protection Commissioner has released the Irish government’s guidance on complying with their version of the cookie law.
What is really interesting about this is their take on the application of the law to session cookies.
This is what they say:
“this means that websites placing cookies on user equipment that are not deleted when the user leaves their website must identify a means of obtaining user consent”
The interesting part is: “cookies…that are not deleted”. Which indicates that cookies that are deleted, do not require visitor consent.
This can only be referring to session cookies, although the bit about them being deleted when the user leaves the site is a bit misleading.
Session cookies are deleted when a user closes their browser, which can of course be long after they have navigated away from the website they got it from.
One hopes that the Irish government is aware of the difference, but if they are they may have opened up an opportunity in their guidance that site owners, and particularly advertisers will be happy to make use of to their advantage.
A session cookie could still be a tracking cookie for third party advertising. Although it is less useful to the advertiser than a persistent cookie, it is still better than none at all.
It really highlights the difficulties faced in trying to comply with the laws in different jurisdictions, whilst tring to still gather as much visitor data as possible.
It has been suggested that this wording by the Irish government is very deliberate. They are home to a large number of big technology companies whose revenue (and therefore tax contribution) could be heavily reduced by the introduction of this new law.
We shall be watching what happens there closely.