RegSol Blog

Compliance Institute of Ireland Survey Results on Third Party Cookie Ban

July 2022

Google has announced it proposes to stop the use of third-party cookies in Chrome by the end of 2023, joining a growing list of browsers ditching the notorious tracking technology.

However, a recent survey from Compliance Institute of 144 compliance professionals within Irish organisations throughout the country, has found that although the oncoming changes from Google around the use of third-party cookie data will have implications for almost 9 in 10 businesses, there’s a widespread lack of awareness, with 74% of respondents saying there’s little to no awareness of the issue within their organisation. (See Compliance Institute press release HERE).

What is a cookie?

A cookie is a small text file that may be stored on your computer or mobile device that contains data related to a website you visit. It may allow a website “remember” your actions or preferences over a period of time, or it may contain data related to the function or delivery of the site.

First party and third-party cookies

A cookie set by a website, i.e., the host domain, is a first-party cookie. A third-party cookie is one set by a domain other than the one the user is visiting, i.e., a domain other than the one they can see in their address bar. They are mostly used to track users between websites and display more relevant ads between websites. They also allow website owners to provide certain services, such as live chats.

First-party cookies will still function by default in browsers that block third-party cookies (also in Google Chrome), and they will continue to require consent in most cases, unless the purpose of a cookie is ‘strictly necessary’ to the basic operation of a website.

Consent, consent, consent

As mentioned, the end of third-party cookies does not mean the end of consent.

On the contrary, a firm’s website will still need to ask for and obtain the explicit consent of users before any data is allowed to be stored, on a user’s browser, regardless of what technology is used. The website will still be required to inform its users about whatever technology the firm uses to collect personal data, including its provider, purpose and duration, and to document safely the obtained consents, and to renew them at least annually.

The Data Protection Commission guidance on Cookies and Other Tracking Technologies (here) confirms that “Consent for the setting of cookies must be of the standard defined in the General Data Protection Regulation Article 4(11), which says the ‘consent’ of the data subject means any “freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

Is your firm prepared?

There have been mixed reactions to the proposed Google ban. While it has been welcomed by some commentators believing it is for the greater good of individuals and their privacy, others believe the new arrangements will further increase Google’s dominance in the online marketing area and will cause disruption in the advertising business.

Irrespective of how you view the changes, the Compliance Institute survey highlights that only 12% of Irish firms are “very prepared” for the proposed third-party cookie ban on Chrome. It is therefore vital to be aware of how exactly your firm uses cookies and to be compliant with the Data Protection Commission requirements regarding cookies.

Should your firm require a Data Privacy Check-up or review of outward facing data protection policies, make sure to contact us at