ICO: ‘Firms have 30 days to sort ad cookies – or else’

cookie 2Just 24 hours after being slated for failing to enforce the laws governing online tracking for advertising, the Information Commissioner’s Office has released a statement claiming it has warned many of the UK’s top websites they face action if they do not make changes, and threatened to name and shame them, too.

The timing will no doubt raise more than a few eyebrows among data protection experts, who only yesterday maintained the regulator’s failure to enforce the basics of the law against is both “harmful and an embarrassment” and that it is more interested in “PR fluff pieces”.

The criticism followed a complaint that MailOnline, which boasts 24.7 million monthly unique visitors, did not offer readers a “reject all” option for advertising cookies.

The new warning, which follows a similar threat in June, and again in August, maintains offending companies have now been given 30 days to ensure their websites comply with the law.

The ICO points out that it has previously issued clear guidance that organisations must make it as easy for users to “reject all” advertising cookies as it is to “accept all”. Websites can still display ads when users reject all tracking, but must not tailor these to the person browsing.

ICO executive director of regulatory risk Stephen Almond said: “We’ve all been surprised to see adverts online that seem designed specifically for us – an ad for a hotel when you’ve just booked a flight abroad, for instance.

“Our research shows that many people are concerned about companies using their personal information to target them with ads without their consent.

“Gambling addicts may be targeted with betting offers based on their browsing record, women may be targeted with distressing baby adverts shortly after miscarriage and someone exploring their sexuality may be presented with ads that disclose their sexual orientation.

“Many of the biggest websites have got this right. We’re giving companies who haven’t managed that yet a clear choice: make the changes now, or face the consequences.”

The ICO says it will provide an update on this work in January, including details of companies that have not addressed its concerns, although it has not said whether this will include any monetary penalties.

One industry source said: “Come January we might be able to tell whether the ICO is actually serious about enforcing this legislation. Given its record, I won’t be holding my breath though…”

Related stories
MailOnline cookie complaint inaction fuels new ICO row
ICO blames limited resources as GDPR action dries up
Online firms face pincer attack on dodgy data tactics 
ICO issues cookie warning despite looming law overhaul
Ministers urged to get ICO enforcement back on track
ICO and Irish DPC ‘among the worst GDPR enforcers’
‘Chicken’ ICO kicks adtech investigation into long grass