Irish Law and Session Cookies
This week the Republic of Ireland’s Data Protection Commissioner has released the Irish government’s guidance on complying with their version of the cookie law.
What is really interesting about this is their take on the application of the law to session cookies.
This is what they say:
“this means that websites placing cookies on user equipment that are not deleted when the user leaves their website must identify a means of obtaining user consent”
The interesting part is: “cookies…that are not deleted”. This indicates that cookies that are deleted, do not require visitor consent.
This can only be referring to session cookies, although the bit about them being deleted when the user leaves the site is a bit misleading.
Session cookies are deleted when a user closes their browser, which can, of course, be long after they have navigated away from the website they got it from.
One hopes that the Irish government is aware of the difference, but if they are they may have opened up an opportunity in their guidance that site owners, and particularly advertisers will be happy to make use of to their advantage.
A session cookie could still be a tracking cookie for third party advertising. Although it is less useful to the advertiser than a persistent cookie, it is still better than none at all.
It really highlights the difficulties faced in trying to comply with the laws in different jurisdictions, whilst trying to still gather as much visitor data as possible.
It has been suggested that this wording by the Irish government is very deliberate. They are home to a large number of big technology companies whose revenue (and therefore tax contribution) could be heavily reduced by the introduction of this new law.
We shall be watching what happens there closely.
January 13, 2017
Future of EU Cookie Compliance Webinar: ...
GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...View Article →
December 14, 2016
Draft EU ePrivacy Regulation Leaked...
A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...View Article →
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...
Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...View Article →