Cookie consent enforcement – ICO’s latest

Posted on December 19th, 2012 by

The UK Information Commissioner’s Office has quietly published today a report detailing the concerns reported to them, the current picture and the action they are taking as of December 2012 in relation to the cookie consent requirement.

The highlights of the report are as follows:

*   Consumers are unhappy with implied consent mechanisms, especially where cookies are placed immediately on entry to the site.

*   Consumers often complain about the fact that they have not been given enough information generally, and specifically not enough information about how to decline cookies or manage them later.

*   The ICO is continuing to write to websites they receive concerns about – This means that nobody is off the hook.

*   The ICO has also looked at the types of cookie in use – This means that the regulator has the means to investigate and find out about cookie practices on a per site basis.  If a site operator does not have this information, how is that going to look???

*   The provider must ensure that users can see clear and relevant information explaining what is likely to happen while they are accessing the site, and their choices as regards controlling what happens.

*   Failure to comply will result in formal action to ensure compliance, and the ICO may decide to name the site in order to make consumers aware of its use of cookies – In other words, the ICO is not going to sit still.  The prospect of facing enforcement action is there.

*   If an organisation refuses to take steps to comply, or has been involved in a particularly privacy-intrusive use of cookies without telling individuals or obtaining consent, the ICO will consider using formal regulatory powers in line with our criteria set out in the Data Protection Regulatory Action Policy and Guidance on the issue of monetary penalties – This is the clearest threat of enforcement action to date!