An awareness study of the EU Privacy and Electronic Communication (ePrivacy) directive (S.I. No. 336/211).
Abstract
Background: In today’s increasingly information and digital age there is widespread use of search engines and social network sites. The use of this media form seems to be ubiquitous as it cuts across all age groups, social classes, and cultures. Online Behavioural Advertising (OBA) through the tracking of users has allowed for the development of user-targeted campaigns which traditional legal principles have struggled to come to terms with. It has fallen to the European Union and subsequently governmental organisations such as the Data Protection Commission (DPC) in Ireland to implement guidelines by which users must actively consent before cookies can be set up. The EU Privacy and
Electronic Communication (e-privacy) directive (EU Cookie Law), (S.I. No. 336/211) outlines the regulations by which consent must be given by consumers prior to placing cookies on their devices. Cookies are small text files that record internet users’ online activity. The regulators moved to update its guidance in 2020 having identified widespread failings of compliance during a sweep of websites in 2019. Given the widespread noncompliance as identified in the DPC cookie sweep and review of literature, there is, however, a lack of research into awareness of the directive by the various
stakeholders. AIM: The aim of this analysis is to measure the awareness and effectiveness on a regulatory, business, and consumer level of the EU Privacy and Electronic Communication (e-privacy) directive (EU Cookie Law), (S.I. No. 336/211) one year after the updated guidance from the DPC and how this may affect future policy. METHODS: A two-phased sequential mixed methods study across three key stakeholders was conducted consisting of an online survey administered to consumers and one-to-one interviews with representatives of the business community and with the Regulator who has responsibility for enforcing these regulations. RESULTS: The results identified a significant lack of awareness of the directive amongst the consumer and business cohorts with widespread noncompliance and limited enforcement by the Regulator and large-scale indifference by consumers to protect their online privacy despite their stated concerns for their online data. CONCLUSION: There is a very low level of awareness of the directive. The reasons for this range from the way the legislation is drafted, limited, and shared powers of enforcement by the DPC, deliberate non-compliance and largely missing the same enforcement powers as GDPR. Awareness campaigns, standardized CMP’s and automated auditing tools will all help increase awareness and effectiveness of the directive.
The following license files are associated with this item: