Cookies and Similar Technologies

What is a cookie?

A cookie is a small text file that may be stored on your computer or mobile device that contains data related to a website you visit. It may allow a website “remember” your actions or preferences over a period of time, or it may contain data related to the function or delivery of the site. Cookies can be set by the owner of the website or in some cases by third party services the website owner allows to present other information, run content or advertisements, or provide other functionality such as analytics. Further information on cookies and cookie notices can be found at the following link to the European Commission’s webpage on cookies and EU law.

What are the rules regarding websites’ use of cookies?

Ireland’s ‘ePrivacy Regulations’ (S.I. 336/2011, which implemented the EU ‘ePrivacy Directive’) are an extra set of rules which are applicable to certain types of processing, including the use of cookies and similar technologies, and are read together with the rules found in the Data Protection Act 2018 and the GDPR. This means that, in general, the rules within the GDPR apply to the use of cookies and other similar technologies where it involves the processing of personal data, but that there are also more specific rules found in the ePrivacy Regulations.

For the setting use of cookies and other similar technologies, the data controller normally needs your consent (as required by Regulation 5(3) of the ePrivacy Regulations) to use these types of technologies. However, they don’t need consent where the cookie or other technology is necessary to provide you with the service you’re seeking – for example, cookies which may be needed to provide you with a functioning website which you want to access. The data controller also needs to provide you with certain easily accessible, ‘clear and comprehensive’ information on the technology they are using and the purpose for which they are using it.

One of the important impacts of the interaction between the GDPR and the fact that it is read together with the ePrivacy Regulations, is that any ‘consent’ as required under the ePrivacy Regulations, will now be defined in the same way as in the GDPR. The standard of consent required by the GDPR is higher than under the previous law, and means that consent must be a clear, affirmative act, freely given, specific, informed, and unambiguous.

How can I control what cookies are set on my device?

Within your browser you can normally choose whether you wish to accept cookies or not. Different browsers make different controls available to you and so we provide links below to popular manufacturers' instructions on how you can do this. Generally, your browser will offer you the choice to accept, refuse or delete cookies at all times, or those from providers that website owners use ("third party cookies"), or those from specific websites.


Last updated 4 February 2019