Cookies and Tracking Technology


The General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) affect how websites may use cookies.

Cookies cannot be automatically created by a website unless the user has consented to that type of cookie being used or deliberately invokes a feature that requires a cookie.

ISS has introduced a cookie manager to the NUI Galway website, which allows all visitors to manage their cookie preferences (see for more information).

And, within NUI Galway's Web Content Management System (CMS), all content types that use cookies have been modified to respect each visitor's individual cookie preferences.

The Risk:

However, most 3rd-party content hosts promote their own ways to embed that content into a website.  And it is possible to paste these into NUI Galway’s Web CMS, even though they are not always ePR compliant.

For example:  If a web editor embeds a YouTube video into an NUI Galway webpage, following YouTube's instructions (instead of ISS's), the embedded video will not be aware of the cookie preferences each visitor has given to  This may result in the webpage using cookies without the visitor's consent, which could, in turn, lead to a significant fine from the Data Protection Commission.

The Fix:

To avoid this risk, all web editors are reminded to use ISS's documented methods for embedding 3rd-party content, which ensure the website's compliance with ePR as well as the best user experience on all devices.

For your convenience, links to all relevant CMS examples / documentation are provided below:

CMS Documentation:

Embedding video correctly:

- Embedded YouTube, Vimeo, HEAnet Media, or Facebook Videos:

- Multiple YouTube Videos:

- Large YouTube Video:

- Static (lightbox) YouTube Videos:

- YouTube in the Sidebar:

Embedding other popular 3rd-Party content in your website correctly:

- Facebook:

- Flickr:

- Twitter:

- Instagram:

 - TikTok: