ICO’s call to action for UK website cookie banners – Technologist

Getting cookie banners right – what does ‘good’ look according to the ICO?

The ICO expects that all websites using advertising cookies or similar technologies give people a fair choice over whether they consent to the use of such technologies.  In particular, website cookie banners should make it as easy to reject non-essential cookies as it is to accept them, according to guidance it issued in August 2023.  In practice, this means providing a choice between accepting or rejecting non-exempt cookies on the first layer of a cookie banner and giving each choice equal prominence.  The type of harm that the ICO is particularly keen to minimise is where cookies choices may have a real impact on an individual’s wellbeing.  It says it will act where harmful design is affecting customers, including for example, where an individual with a gambling problem is “steered to ‘accept all’ cookies” which could mean they are being “continually bombarded with betting adverts”.

Enforcement action on the horizon?

In the words of the ICO “as we’ll be steadily working our way through the list of websites offering services to UK users to give them all the same message, it makes sense to be compliant before the regulator comes knocking”. 

However, although the cookie consent requirements are not new and predate the GDPR, getting cookie consent right is still work in progress for many websites.  For those who continue to disregard the law, the ICO stresses that consequences will follow. It states that its enforcement efforts extend beyond the top 100 websites, and it is gearing up to contact the next 100 and beyond. To expedite these efforts, an AI solution is in development to identify websites with non-compliant cookie banners. A ‘hackathon’ event in early 2024 will explore the practical implementation of this AI solution.

The message from the ICO is clear as it systematically communicates its expectations to websites offering services to users in the UK – now is the time for organisations to assess their own compliance and take steps to address the ICO’s requirements before facing regulatory consequences. 

Whether those consequences will be severe or not remains to be seen, as the ICO will also be aware of the direction of travel of UK law in this context and the stated aim by the UK Government to soften the cookie consent rules.

 

Authored by Katie McMullan and Eduardo Ustaran.

Add a Comment

Your email address will not be published. Required fields are marked *