The Office of the Data Protection Commissioner (ODPC) has written to 80 Irish website operators requesting information on how they are complying with new “cookie” legislation introduced in July 2011.
The new legislation places an obligation on website operators to provide information to users about the types of cookies used on their websites and to seek consent for the use of such cookies (see our previous article here).
The website operators contacted had 21 days, from 19 December, 2012 in which to outline the action they have taken in order to comply with the new rules. If they have not yet complied, they were asked to explain why they have not done so and to provide details and a timescale as to how they intend to achieve compliance. They had to also explain how they make users aware of any third party analytics or advertising cookies used on their website.
The letter also made clear that the ODPC may exercise its powers of enforcement in the event of non-compliance.
Deputy Commissioner of the ODPC, Gary Davis, expressed disappointment with the response of Irish website operators in the 18 months since the new rules were introduced and stated that “levels of compliance would appear to be very low compared to the UK”.
The letter marks one of the first steps taken by the ODPC to ensure compliance by Irish website operators with the new regime.