The new European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 came into force in Ireland on 1st July 2011. The regulations implement a European Directive and bring in new rules on cookies in respect of websites.
What are Cookies?
Cookies are classed as a means of storing information on a website user’s computer, or a means of gaining access to information already stored on a user’s computer.
What are the Implications of the New Regulations?
• The user has given consent to that use
• Information on the purposes of processing such information is provided and all such consent provisions and information is prominently displayed and easily accessible.
There is an exception in respect of when a service is explicitly requested by a user to which the new rules do not apply. For example this allows online shopping to proceed without express consent for cookie use.
When the regulations first came out there was no definitive guidance in respect of how such consent should be obtained in practice.
A European Working Party was set up to address the issue of consent and the opinion was adopted on the 13th July 2011.
The Working Party recommends that consent must be specific, freely given and informed. This suggests that in practice consent must be explicitly obtained prior to any information being used or stored, and that information in privacy policies or terms and conditions (detailing how to block cookies and informing the user about which cookies are used by the website) is not sufficient.
At the moment we are waiting to see how the EU and Ireland will interpret and enforce the regulations. Businesses need to review their cookie use and website privacy policies in light of the new regulations and make decisions on how they wish to proceed pending further guidance and decisions by the Data Protection Commissioner.
The regulations also brought in additional requirements in respect of marketing obligations for electronic marketing and phone calls.
For further information on the new regulation and how it affects your business please contact our Intellectual Property and Technology Unit.
Businesses should review their cookie use and website privacy policies.
It remains to be seen how the regulations will be interpreted and enforced by the Data Protection Commissioner.