20 September 2024

ICO Cookie crackdown

The UK’s independent data protection watchdog has declared war on cookies.

Here’s why the once-loved sweet treat may land you in hot water (or warm milk) with the ICO.

Cookies, when not being eaten, are small files that are downloaded to your computer each time you visit a website. These files can have a number of practical uses for both website users and owners; for example, remembering that password you set on Instagram 10 years ago. However, it’s the more manipulative cookie practices that the ICO is increasingly taking issue with.

Websites need individuals’ consent before placing any cookies that are not strictly necessary for delivering the website to the user. These non-essential cookies are often used by websites to target specific advertising at users based on their browsing history. If you’ve been searching for flights to Rome and suddenly start seeing adverts for hotels in Rome, chances are the website you’re visiting has been working with an advertising network that uses cookies to track your browsing. ‘Did I really consent to that?’ I hear you ask. The answer lies at the heart of the ICO’s crackdown.

When accessing a website for the first time, you will almost always be met with a ‘cookie banner’ prompting you to accept or reject non-essential cookies – or at least, you should be. Last year, the ICO set its sights on the UK’s top 100 websites, investigating each of their cookie banner practices. According to the ICO, ‘a website’s cookie banner should make it as easy to reject non-essential cookies as it is to accept them’. Fifty-three of the top 100 websites did not meet the ICO’s cookie requirements. Warning letters were sent to all 53, giving them a month to rectify their misbehaviour or face enforcement action.

Consent is defined in Article 4(11) of the UK GDPR as:

'any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.'

Essentially, the ICO considers that if you need to jump through hoops to reject non-essential cookies, any decision to accept them is not ‘freely given’ and, therefore, does not constitute valid consent. Without consent, the lawful basis for processing your data disappears, meaning a website may be processing your data unlawfully.

Interestingly, in response to the ICO’s threats, some websites have adopted new methods of obtaining consent, namely the ‘consent or pay’ model. This model provides users with a clear-cut choice: (i) allow the website to process your data, or (ii) pay for the privilege of maintaining your privacy. There is certainly a commercial argument in favour of the model – after all, most of the time, people are free to choose whether they use a website or not. Website owners will argue that running a website costs money, and if they cannot maximize revenue through targeted advertising, they will require some other form of payment.

The ICO has recently concluded a consultation on the ‘consent or pay’ model and is currently reviewing its legality. We expect an announcement from the regulator in the near future.

With Sky Bet reprimanded for using cookies without consent this week, it is clear that the ICO’s cookie crackdown is in full swing. If you are concerned about your website’s use of cookies – or any other Data Protection or Tech matters – and would like friendly, expert advice, our team is here to help. Please get in contact with us.

© BDB Pitmans 2024. One Bartholomew Close, London EC1A 7BL - T +44 (0)345 222 9222
