The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

Data Protection Commissioner commences action on "Cookie" law

The Office of the Data Protection Commissioner has this week written (see link below) to some 80 websites (see link below) seeking information on the steps that they have taken to meet the so called "cookie" obligations placed upon them with effect from 1 July 2011. Since that date all websites must provide information and capture consent for dropping or accessing cookies or other information on a user's computer equipment when a user visits their site.

Speaking today, Deputy Commissioner Gary Davis indicated "this law does not break the internet as was suggested in some parts, it simply educates users to make informed choices. This is a legal requirement now for 18 months and we are disappointed with the response of websites. Levels of compliance would appear to be very low compared to the UK for instance and we cannot allow that situation to continue. As a first step websites need to provide prominent and clear information to users as to what data they are collecting or allowing to be collected via cookies on their site. At a minimum this will begin to educate users as to the scale and type of data collection taking place and then better position users to take informed choices as to what cookies they wish to allow or block."

The websites targeted have 21 days to outline their approach. Davis added "we will be obliged to take enforcement action where websites fail to engage with us and meet their legal obligations. However, we expect that this will not be necessary as compliance is straightforward for most websites."


For more information, please contact:

Catriona Holohan, Office of the Data Protection Commissioner at +353 (0)57 868 4800

Email: Media@dataprotection.ie


This obligation was introduced by the transposition of the ePrivacy Directive in Ireland on 1 July 2011 via Statutory Instrument 336 of 2011. The 80 websites in question were chosen at random as a representative sample of sites. Receipt of a letter does not indicate that a site has not achieved compliance with the law.

List of websites

Copy of Letter issued