An Analysis of Ireland's Homecare Companies' Cookie Practices in terms of GDPR Compliance.

The General Data Protection Regulation (GDPR) 2016, the Data Protection Act 2018 and the e-Privacy Directive 2002 are applicable legal instruments that impose responsibilities on homecare companies as 'data controllers'. One of these responsibilities is that they provide their clients with information pertaining to their clients' rights and the data controllers' responsibilities as set out by the GDPR. Many homecare companies publish their Privacy Policies on the company website to showcase their compliance and make themselves more attractive to potential clients. Many websites use Cookie (or consent) Management Platforms (CMP's) to manage their cookies and fulfil their legislative obligations. Cookies gather information and must comply with the terms of data protection and e-Privacy legislation. This research evaluates homecare companies' Cookie Practices to ascertain GDPR compliance and found them to be lacking the substance and detail necessary to be considered compliant. This was achieved by identifying the websites of homecare companies operating in Ireland, accessing their website using a cookie cleared browser and then examining the researcher's computer immediately afterwards to see what (if any) cookies had been uploaded, in addition to assessing the homecare companies CMP (where present) for compliance. This research found a high level of non-compliance and suggests that Ireland's Data Protection Commission (DPC) could and should become more involved in creating solutions by evolving their role to that of a Data Protection Service Provider. By doing so they will improve compliance with data protection legislation and enhance the protections afforded to an individual's right to privacy.