Ireland’s Data Protection Commission (DPC) has published a report covering compliance issues with the data controlling firms.
The report flagged at least one serious compliance concern at 20 out of 38 surveyed data controlling organisations. While 12 of those 38 companies lack clarity on the e-Privacy legislation, only two organisations were found to comply with regulations substantially.
Many data controllers are categorising website cookies as necessary or strictly necessary but could not meet the two consent exemption criteria provided. Some companies were also found using cookie banners that do not offer actionable choices.
Despite consent collected through pre-checked boxes/sliders not being considered valid, 10 out of 38 websites were using the same format. Most of those surveyed also did not give users any control over the purpose the cookies could be used for by the data controllers.
[7 minute read]