Privacy Statements and Cookie Policies on Websites-the Essentials in Ireland

privacy-statement

Have you noticed those annoying website “cookie” notices popping up nearly everywhere on the  internet?

Well, there is good reason for them.

They are a legal requirement in Ireland and Europe and breaches of the law covering data protection-the Data Protection Acts 1988 and 2003 and Statutory Instrument 336 of 2011-can lead to fines of up to €100,000 and deletion of the data collected via the website.

(Statutory instrument 336 of 2011 deals with European Communities (Electronic Communications Networks and Services)(Privacy and Electronic Communications) Regulations 2011.)

Privacy statement v privacy policy

Note that there is a significant difference between a privacy statement and a privacy policy.

A privacy statement is a legal requirement for all websites in Ireland and the EU. It is a public statement of how the owner/operator of the website applies the 8 data protection principles to data processed on its website.

A privacy policy, on the other hand, sets out how the operator/owner of the website applies the 8 principles to the way in which it processes data across the organisation. This data would include employee, third party, and customer data.

Website cookies

Regulation 5 of SI 336 of 2011 covers the use of “cookies” by website operators/owners. A cookie in this context is a small file that can be downloaded to your computer or phone when you visit certain websites. This regulation provides

  1. that you as website visitor should be told why this is being done and
  2. that you should be given the opportunity to give your consent or decline.

This, then, and a prosecution by the Data Protection Commissioner and a potential fine of €100,000 is why you will have seen these “cookie consent” notices popping up on websites.

If you operate a website and it uses cookies or web beacons, or collects personal data, or collects ip addresses or emails, your website needs a privacy statement.

What information should be contained in a privacy statement?

  1. The clear identity and contact details for the operator of the website
  2. The purpose of collecting the data
  3. The right of access to any personal data collected
  4. The right of rectification or erasure
  5. If the data collected can be released to a 3rd party-this should be made clear
  6. The extent of the data being collected
  7. Whether the website uses cookies and the extent
  8. If cookies are used, the visitor should be able to consent to their use or opt out.

If your privacy statement contains the information set out above your website should be compliant with the law in this area and the requirements of the Data Protection legislation in Ireland.

However, you can also go a step further by providing the following information:

  • Your commitment to maintaining security of any data collected
  • Some form of complaints resolution mechanism should be considered
  • How long you retain data, for example credit card information could be deleted once a transaction is complete
  • That the data collection is not excessive but only relevant data is collected
  • How data subjects can update their information to ensure the data that is held is accurate.

Where to put the privacy statement

It should be readily accessible from any page on your website, not just on your home page, as a huge amount of traffic visiting your site may visit your site through landing on a page other than your home page.

What you should do now

If you are responsible for a website or blog you should ensure that you have a legally compliant and robust privacy statement on your site.

I can provide you with one-you can contact me here.

Product Liability and Consumer Rights-What the Business Owner Needs to Know

consumer-rights-law

Stroppy, ungrateful consumers.

They’re the bane of any honest businessman or woman trying to make an honest living.

Have you had these thoughts from time to time?

What are consumers’ rights when it comes to alleged defective products?

How bad can it get?

Consumer rights in relation to defective products are afforded by a combination of protections such as

  • common law which protects against tort or civil wrongs such as negligence;
  • the law of contract will also provide relief to the consumer in relation to defective products;
  • legislation such as Liability for Defective Products act 1991, the Civil Liability Act of 1961 and other more modern European legislation including directives and regulations.

Liability for Defective Products Act 1991

Under this act the consumer does not need to prove negligence on behalf of the supplier or retailer.

He/she merely needs to show that the product caused the consumer damage because of a defect in the product.

It is a strict liability therefore the consumer does not need to show any negligence on the part of the manufacturer-he just needs to show a link between the product and the damage suffered.

Common Law-Negligence

The consumer will need to prove that the manufacturer owed a duty of care to the consumer, that that duty of care was not upheld, that there was loss or damaged incurred by the consumer as a result of the failure in relation to the duty of care and there was a close connection between the injury suffered and the conduct of the supplier/manufacturer.

Sale of Goods Act

The Sale of Goods Act 1893 and the Sale of Goods and Supply of Services Act 1980 state that the supplier has a contractual duty to the consumer in relation to the consumer in respect of defects in his product.

It is difficult to recover under this act against a manufacturer as your contract will be with the retailer.

European Legislation

Various pieces of European legislation such as the European Directive on Product Liability and the European Communities (General Product Safety) Regulations 2004 also provide protection to the consumer in relation to defective and dangerous products.

Under the Liability For Defective Products Act 1991 liability is strict and no duty of care needs to be established and this is why it will be used on many occasions along with perhaps a legal action for breach of contract and/or negligence.

The time within which you can bring an action under the various headings above varies from 2 years in relation to a personal injury claim to 6 years for breach of contract under the Sale of Goods Act.

If a consumer is unfortunate enough to suffer as a result of a dangerous/defective product (s)he needs to retain the evidence carefully including the product itself, any invoices/receipts and a good note of where and when (s)he purchased it.

National Consumer Agency

The National Consumer Agency has some pretty strong powers under the Consumer Protection Act of 2007.
By Terry Gorry
Google+