ICO Cookie Warning
The UK Information Commissioner’s Office (ICO) has recently written to companies operating some of the UK’s most visited websites regarding their use of cookies. The ICO is concerned that these companies are not following its guidance on website design and are not providing users with adequate choice as to whether their activities are tracked for personalised marketing.
Companies in scope have 30 days from the communication to bring their websites into compliance; the ICO will provide an update on the matter in January 2024 and include details of those that do not address its concerns.
What are cookies?
Cookies, or internet cookies are files with pieces of data that are used to identify a device, such as a laptop, when you use a network. Cookies identify users and can track users’ activity, companies operating websites can use this information for creating more personalised experiences for users, such as targeted ads or by selling the data gathered. Companies operating websites must adhere to rules around cookie use, including the requirement to outline their use of cookies in a cookie policy.
ICO warning to companies
The UK Information Commissioner’s Office (ICO) has recently written to companies operating some of the UK’s most visited websites regarding their use of cookies. The ICO is concerned that these companies are not following its guidance on website design and are not providing users with adequate choice as to whether their activities are tracked for personalised marketing.
Companies in scope have 30 days from the communication to bring their websites into compliance; the ICO will provide an update on the matter in January and include details of those that do not address its concerns.
Rules on the use of cookies
Competition and Markets Authority (CMA) and the ICO produced a joint paper on harmful design, building on their joint statement in 2021. The two organisations expect companies to:
- Put users at the heart of design choices;
- Use design that empowers user choice and control;
- Test and trial design choices; and
- Comply with data protection, consumer and competition law.
We have previously written an article on cookie compliance here, which readers may find helpful.
A trend?
The ICO’s crack down on cookies matches the position data protection regulators have taken in the EU. Earlier this year Meta was fined 390 million euros by its lead EU privacy regulator for breaches related to use of personal data in advertising and the French regulator, CNIL, has issued 4 decisions on sanctions for non-compliance with cookies requirements this year alone. This follows the announcement of the launch of an initiative to address ‘cookie fatigue’ by the EU Justice Commissioner Didier Reynders earlier this year.
How can we help?
For further information on Cookie notices and gaining consent from users to place Cookies, please get in touch with our specialist Data Protection & Cyber Security team.
This article was co-written by Helen McBrierty, Trainee Solicitor.