Major finance, retail website operators targeted in Irish 'cookie' sweep
01 Nov 2019 12:00 am by Vesela Gladicheva
Still in its initial phase, the sweep, which also covers other tracking technologies, could be extended to more website operators and lead to investigations.
The sweep is "cross-sector and cross-size," Jennifer O'Sullivan, deputy commissioner at the Irish Data Protection Commission, told MLex.
It entails checking compliance with both the EU's e-privacy directive on keeping communications confidential and the General Data Protection Regulation, O'Sullivan said.
The GDPR will apply in situations where the regulator comes up against questions around obtaining "valid consent" from users, she said. The GDPR, which took effect in May 2018, allows EU privacy regulators to impose fines of up to 4 percent of a company's annual turnover.
O'Sullivan said the Irish check isn't a "quick job" and that it could lead to formal probes, if the watchdog comes across violations.
“Cooperation has been requested by the [Irish] DPC from controllers across a broad range of sectors, including the financial, retail, sports, lifestyle and media sectors, and the public sector,” the regulator told MLex. “The sweep is focusing on websites at present but we have not ruled out looking at apps at a future point,” it said.
The enforcer is understood to be initially examining a small number of websites, with the possibility of then opening up the sweep to other operators.
Cookies are small text files that have a wide range of uses, from storing someone’s language preference on a website, to enabling the large-scale tracking and profiling of people across the Internet. They can be set by the operator of a website or by third-party services that the website owner allows to, for example, present other information, run ads or provide analytics.
User consent is required before setting non-essential cookies, used for access to information on a user’s computer or mobile device. The data controller has to clearly tell users about the technology and why the website operator is using it.
Last month, an eagerly awaited EU court ruling said the use of pre-ticked boxes by websites to obtain consent for cookie tracking does not amount to a person giving free and informed consent under the EU’s strict data-protection rules.
TikTok may be able to escape its current dispute with the US, but the video-sharing app will still be facing regulatory headwinds around the globe.
03 Aug 2020 9:29 pm by Ana Paula CandilCompanies are pressuring Brazilian lawmakers to delay implementation of the nation's data-protection law from Aug. 16 until next May.
Biggest cyberattack ever caused $15 billion loss to customers of companies directly hit, though banks softened impact, study says31 Jul 2020 12:00 pm by Neil RolandThe most damaging cyberattack ever in 2017, caused a $15 billion loss to customers of companies directly hit, a federal study said.