You visit a website. A banner appears. You click “Accept” without reading anything because you want it gone. Sound familiar?
Cookie consent has become so universal that most people ignore it entirely. But for Irish businesses, getting it wrong can mean significant fines and legal trouble. And “getting it wrong” is surprisingly easy.
Here’s what you actually need to know.
The Legal Framework
Cookie consent in Ireland falls under two regulations:
ePrivacy Directive (Cookie Law)
The 2002 ePrivacy Directive, updated in 2009, specifically addresses cookies. It requires:
- Informing users about cookies and their purposes
- Obtaining consent before setting non-essential cookies
- Making consent voluntary and specific
GDPR
The General Data Protection Regulation applies when cookies collect personal data:
- Cookie consent must meet GDPR consent standards
- Privacy policy must explain cookie usage
- Users have rights over their data
The Data Protection Commission (DPC) enforces both in Ireland. They’ve been increasingly active in pursuing cookie compliance violations.
What Cookies Actually Are
A cookie is a small text file stored on the visitor’s device. Websites use cookies for:
Strictly Necessary Cookies
Essential for basic website functionality:
- Session cookies (keeping you logged in)
- Shopping cart cookies
- Load balancing
- Cookie consent preferences (ironically)
These don’t require consent because the site can’t function without them.
Functional Cookies
Enhance user experience but aren’t strictly necessary:
- Language preferences
- Region settings
- Accessibility options
These improve experience but the site works without them.
Analytics Cookies
Track visitor behaviour:
- Google Analytics
- Hotjar, Clarity
- Internal analytics
These collect data about how visitors use your site. Requires consent.
Marketing/Advertising Cookies
Used for advertising purposes:
- Facebook Pixel
- Google Ads remarketing
- Third-party ad networks
These track users across websites. Definitely requires consent.
What Proper Cookie Consent Looks Like
Pre-Consent: No Non-Essential Cookies
Before the visitor consents, only strictly necessary cookies should load. This means:
- No Google Analytics tracking
- No Facebook Pixel
- No marketing cookies
- No third-party embeds that set cookies
Many sites fail here. They load tracking scripts immediately, then show a consent banner. That’s backwards and non-compliant.
Clear Information
The consent banner must explain:
- That the site uses cookies
- The general purposes (analytics, marketing, etc.)
- Link to full cookie policy for details
Genuine Choice
Visitors must have real options:
- Accept all (must be explicit action)
- Reject all (equally easy as accepting)
- Customise (select specific categories)
“By continuing to browse, you consent” is NOT valid consent.
Granular Options
Users should be able to:
- Accept only necessary cookies
- Accept analytics but not marketing
- Change their preferences later
Easy to Reject
This is where most sites fail. Rejecting must be as easy as accepting:
- Same number of clicks
- Equally prominent buttons
- No dark patterns to discourage rejection
Persistent and Accessible
Once preferences are set:
- Honour them across the session
- Remember them on return visits
- Provide a way to change preferences (usually a footer link)
Common Mistakes Irish Businesses Make
”Accept” Only Buttons
A consent banner with only an “Accept” button isn’t consent — it’s coercion. You must provide an equally accessible way to reject.
Pre-Ticked Boxes
Consent forms with categories pre-checked and requiring users to untick them is not valid consent. Opt-in, not opt-out.
Blocking Content Until Consent
Making consent mandatory to access content is problematic. Users should be able to browse with only necessary cookies if they prefer.
Implied Consent
“By using this site, you agree to cookies” isn’t consent. Users must take an explicit action.
Loading Scripts Before Consent
If Google Analytics loads before the consent banner appears, you’ve already violated the rules, regardless of what the banner says.
Cookie Walls
Refusing access entirely unless cookies are accepted is increasingly scrutinised. The DPC frowns upon this approach.
Ignoring Rejections
Collecting data anyway when users reject is obviously wrong but surprisingly common in poorly implemented solutions.
Implementing Cookie Consent on WordPress
For general plugin guidance, see our plugin management best practices.
Recommended Plugins
Complianz (Best Overall)
- Free and premium versions
- Proper consent-before-loading
- Cookie scanner included
- Good GDPR and ePrivacy compliance
- Regular legal updates
CookieYes
- Free tier available
- Easy setup
- Good consent management
- Cookie scanning
- Multi-language support
GDPR Cookie Compliance
- Lightweight option
- Basic but effective
- Free version works for simple needs
Cookiebot
- Premium service
- Automatic cookie scanning
- Strong compliance features
- Used by enterprises
What to Look for in a Plugin
Must have:
- Blocks scripts until consent given
- Provides accept AND reject options
- Stores consent records
- Allows preference changes
- Generates cookie policy
Nice to have:
- Automatic cookie scanning
- Category-based consent
- Third-party integration (Google Consent Mode)
- Multi-language support
- A/B tested banner designs
Configuration Tips
Consent mechanism:
- Use categories (necessary, analytics, marketing)
- Ensure “Reject all” is equally accessible
- Don’t pre-select any optional categories
Script blocking:
- Configure proper script blocking for each cookie category
- Test that analytics only loads after consent
- Verify marketing pixels wait for consent
Cookie policy:
- List all cookies used
- Explain each cookie’s purpose
- State duration/expiry
- Identify first-party vs third-party
- Update when you add new services
Google Analytics 4 and Consent
GA4 has specific consent mode features:
Google Consent Mode
Google Consent Mode allows analytics to work in a privacy-friendly way:
- Basic tracking works without cookies (with limitations)
- Full tracking only after consent
- Automatic adjustment based on consent status
Implementation:
- Configure consent mode in your cookie plugin
- Set default consent states
- Update states when user provides/changes consent
- GA4 adjusts behavior automatically
What You Lose Without Consent
Without analytics consent, you lose:
- Individual user tracking
- Conversion attribution
- Remarketing audiences
- Some demographic data
Google provides modelled conversions to fill gaps, but data quality decreases.
Documenting Consent
For compliance, you should be able to prove:
- When consent was given
- What was consented to
- How consent was obtained
- That rejection was equally easy
Good consent plugins log this automatically. Keep records for at least as long as you retain the data collected.
Auditing Your Current Setup
Check your cookie compliance:
Step 1: Open Incognito Browser
This ensures you’re seeing the site as a new visitor.
Step 2: Inspect Cookies Before Interacting
Before clicking anything:
- Open Developer Tools (F12)
- Go to Application > Cookies
- See what’s already set
If you see Google Analytics, Facebook, or marketing cookies before consenting, you’re non-compliant.
Step 3: Test Rejection
Click “Reject” or equivalent:
- Is it equally accessible as “Accept”?
- Are non-essential cookies actually blocked?
- Does the site still function?
Step 4: Test After Consent
Accept analytics/marketing and verify:
- Expected cookies now appear
- Scripts are loading correctly
- Preferences are remembered on refresh
Step 5: Check Preference Change
Try to change your preferences:
- Is there a link in the footer?
- Can you revoke consent?
- Are new preferences honoured?
The Business Impact
Cost of Non-Compliance
The DPC can impose fines up to €20 million or 4% of global turnover. While maximum fines are rare for small businesses, enforcement is increasing.
Cost of Poor Implementation
Aggressive cookie banners and consent walls:
- Increase bounce rates
- Create negative first impressions
- May reduce engagement
Finding Balance
The goal is compliance that doesn’t destroy user experience:
- Clear, professional banner design
- Easy accept AND reject
- Unobtrusive placement (bottom of screen usually)
- Quick, single-click options
- Don’t ask again after preference is set
The SparkHost Approach
When setting up hosting for clients, we:
- Recommend Complianz for most sites
- Configure proper script blocking during setup
- Audit consent implementation as part of site review
- Advise on policy requirements (though not legal advice)
- Keep plugins updated for evolving regulations
Cookie compliance is one of many areas where managed hosting saves time and ensures things are done properly.
Your Action Items
Immediate:
- Audit your current cookie implementation (incognito browser test)
- List all cookies your site sets
- Identify which require consent
This week:
- Install/configure a proper consent plugin
- Ensure non-essential scripts only load after consent
- Add “Reject all” if not present
- Create/update cookie policy
Ongoing:
- Update policy when adding new services
- Test periodically for compliance
- Monitor regulatory changes
- Keep consent plugin updated
Cookie consent isn’t just about showing a banner. It’s about respecting user choices and meeting your legal obligations. Do it properly, and you protect both your visitors and your business.