November 22, 2023 at 05:26AM
The UK’s Information Commissioner’s Office (ICO) is cracking down on website design to ensure that opting out of cookies is as easy as opting in. The ICO has given 30 days’ notice to companies running popular websites in the UK, warning them to comply with data protection regulations or face financial penalties of up to £17.5 million or 4% of their annual worldwide turnover. The ICO particularly highlights the issue of advertising cookies and the need for users to have a clear choice in accepting or rejecting them.
The UK’s Information Commissioner’s Office (ICO) is cracking down on website design and the use of cookies. They are insisting that opting out of cookies must be as easy as opting in. Specifically, they are targeting advertising cookies and stating that users should have the option to “Accept All” advertising cookies or reject them. Even if users reject advertising cookies, they will still see ads, but the ads cannot be tailored to their browsing behavior.
The ICO has noted that some websites are not offering fair choices to users when it comes to personalized advertising and tracking. In August, the ICO issued guidance on harmful designs that can trick users into sharing more personal information than intended. Now, the ICO has notified companies running many of the UK’s most visited sites that they have 30 days to comply with data protection regulations or face enforcement action.
Stephen Almond, the ICO’s executive director of Regulatory Risk, expressed concerns about companies using personal information to target users with ads without their consent. While many companies have made the choice of opting out of cookies simple for users, those who haven’t yet done so are being given a clear choice: make the necessary changes now or face the consequences.
The consequences for non-compliance can be financial. The Information Commissioner has the authority to issue monetary penalties to wrongdoers, up to £17.5 million or 4 percent of the annual worldwide turnover, whichever is higher.
The ICO specifically calls out cookie consent banners as an example of harmful design. According to their guidance, websites should make it as easy to reject non-essential cookies as it is to accept them. Users should have the ability to make an informed choice about consenting to the use of their personal information, particularly for targeted advertising.
In August, the ICO warned that it would assess the cookie banners of the most visited websites in the UK and take action against harmful designs that impact consumers.
Almond emphasized that businesses should take note that if they intentionally design their websites in an unfair and dishonest way, the ICO will not hesitate to take enforcement action.
Cookie consent continues to be a significant topic for lawmakers in the UK and EU. Both entities advocate for clear and unambiguous choice for users, whether it is a yes or no option. The ICO aligns with the EU’s approach to cookie consent. However, there have been proposals to adopt an opt-out system in the UK in 2022, which has added some complexity to the matter.