Me loveeee cookies

At this point we will assume you know what an internet cookie is. Unfortunately it is not the tasty type from a Jamie Oliver online recipe but more the type your website leaves on a persons device when they visit your website.

NOTE: You will find a cookie recipe below however.

Cookies serve a number of important functions, for example: 

  • remember a user and their previous interactions with a website
  • keep track of items in an online shopping cart
  • keep track of information when you input details into an online application form
  • identify users when they log onto your WP site 

Certain cookies are also used to help web pages to load faster and to route information over a network. However, the information stored in cookies can include personal data, such as an IP address, a username, a unique identifier, or an email address. It may also contain non-personal data such as language settings or information about the type of device a person is using to browse the site. Advertising IDs, user IDs and other tracking IDs may also be contained in cookies. 

Data Protection Commission

The Data Protection Commission (DPC) is the national independent authority in Ireland responsible for upholding the fundamental right of individuals in the European Union (EU) to have their personal data protected. The DPC is the Irish supervisory authority responsible for monitoring the application of the General Data Protection Regulation (GDPR), and we also have functions and powers related to other regulatory frameworks, including the Irish ePrivacy Regulations (2011).

In 2020 the Data Protection Commission released guidelines relating to ‘cookies and other tracking technologies’. This was following a review of general practices and implimation at the time (which was found wanting in most cases).

In order to utilise cookies on a website, user consent is normally required (as set out in Regulation 5(3) of the ePrivacy Regulations). Under the General Data Protection Regulation (GDPR), consent must be a clear, affirmative act, freely given, specific, informed, and unambiguous.

Consent is not needed where the cookie is strictly necessary to provide a service which has been explicitly requested by the user, e.g. cookies which may be needed to provide the user with a functioning website which they want to access (see Regulation 5(5) of the ePrivacy Regulations for more information).

So what does this mean for you?

The ePrivacy Regulations require that you obtain consent in order to gain any access to information stored or to store any information on a person’s device.

This means you must get consent to store or set cookies, regardless of whether the cookies you are using contain personal data. The user must also be able to withdraw consent and you must not ‘bundle’ consent for cookies with consent for other purposes, or with terms and conditions for other services you provide.

You may not obtain consent by ‘implication’, this means wording your cookie banner or notice which inform users that, by their continued use of your website – either through clicking, using or scrolling it – that you will assume their consent to set cookies, is not permissible.

To lay it out in the simplest terms:
  • Vague or nondescript cookie notices are a thing of the past
  • One tick ‘I agree’ consents are a thing of the past
  • Your ‘GDPR Privacy Policy’ or ‘Terms of Use’ is not sufficient you should have a dedicated cookie policy
  • Keeping a log of consent will be a requirement 
  • You must give the option for a user to change their consent preference
  • Understanding necessary Vs unnecessary cookies is important

What is the impact to my website?

Most vast majority of websites choose to implement a cookie banner or pop-up, which displays when a user lands on the website.

If you use this method, you must not use an interface that ‘nudges’ a user into accepting cookies over rejecting them. Therefore, if you use a button on the banner with an ‘accept’ option, you must give equal prominence to an option which allows the user to ‘reject’ cookies, or to one which allows them to manage cookies and brings them to another layer of information in order to allow them to do that, by cookie type and purpose.

The user’s consent must be specific to each purpose for which you are processing their data, it must be freely given and unambiguous and it requires a clear, affirmative action on the part of the user.

What are my options?

Thankfully you will be happy to hear there are a number of solutions available for consideration. Some are free, some a one-off-payment and others licence based. Remember, at the end of the day you get what you pay for. The free or cheaper options may offer less in the way of customisation or lack key features like consent logging, cookie-sweeps, etc…

A few worthwhile considerations are as follows:

So, there you have it an overview on cookie consent and what it means for you. As always we are only a phone call or email away should you need further help – to reach out!

And now what you really want, the recipe

  • 100 g unsalted butter , slightly softened
  • 125 g golden caster sugar
  • 1 large free-range egg
  • ½ teaspoon vanilla extract
  • 200 g self-raising flour
  • 1 pinch of fine sea salt
  • 100 g quality chocolate (use a mixture of milk and dark, if you like)
  • Preheat the oven to 170ºC/325ºF/gas 3. Line two baking sheets with greaseproof paper
  • Beat the butter and sugar in a large bowl until pale and creamy. Crack in the egg, add the vanilla and mix well. Sift in and fold through the flour and salt. Roughly chop and stir in the chocolate
  • Roll tablespoons of the dough into balls and place onto the lined trays. Cover and chill in the fridge for 15 minutes
  • Flatten the balls slightly with your fingers, then place in the hot oven for 10 to 12 minutes, or until lightly golden (make sure you don’t overdo them – the chewier the better)
  • Leave to cool completely, then serve with a glass of cold milk

Like it? Love it?
Share it !