IRISH FIRMS are falling behind in complying with new EU rules on website privacy, and could leave themselves open to heavy fines, a new study has revealed.
The new directive, which was brought into Irish law last year, requires companies to inform users about the use of cookies and to gain their consent for use.
But a review of the 50 top-ranking sites in Ireland showed there was a lower level of compliance with the directive here than in the UK.
Cookies are small pieces of data stored on a user’s machine in a text file that provide websites with information about previous interactions with the site. They can be used to store data for everything from webmail services to targeted advertising.
The findings were revealed as part of a study carried out by Irish information security firm Espion, which looked at what information was available and how it was provided.
The study found that only 4 per cent of Irish sites prominently displayed cookie information in a clearly accessible way, as required by the directive. That compares with 62 per cent of UK websites.
The majority of sites here also failed to provide clear, user-friendly information about cookies, and only two Irish firms provided easy-to-find cookie statements.
The legislation was brought in last July, and the Data Protection Commissioner published comprehensive guidance for firms on the new rules, which has been available on its website for more than a year. However, it seems that Irish firms are still falling short.
“Once the EU directive was released, it was the responsibility of the commissioners to drive the transposition of that into Irish law, and provide guidance on how websites could comply with it,” said Espion’s Seamus Galvin.
In the UK, for example, an awareness campaign to inform site owners about how they should comply was undertaken, although the Information Privacy Office has a significant level of resources at its disposal, with about 400 staff.
Services director at Espion Colm Fagan said companies needed to be aware of their obligations under data privacy laws and the potential repercussions if they fail to meet them.
“The main idea behind it is about protecting people’s privacy,” he said. “I think where a website is processing people’s information, it should be incumbent on the website owner to ensure they’re meeting the regulations that they need to meet. A little bit of due diligence goes a long way.”
Although fines vary across the EU for breaches of data privacy laws, Mr Galvin said that privacy laws across the region were being consolidated. “Once that happens the fines will become more streamlined, and could enter more towards percentage of revenue, so depending on the size of the company, the sky is the limit,” he said.