MailOnline waves white flag in ICO war on ad cookies

The Information Commissioner’s Office has claimed a major scalp in its war on illegal advertising cookies by forcing MailOnline – one of the UK’s biggest websites with 24.7 million monthly unique visitors – to change its policy and offer readers a “reject all” button to opt out of online tracking.

Back in November, the ICO found itself at the centre of a storm over its inaction on rogue cookies, amid claims that it was more interested in “PR fluff pieces” and its failure to enforce the basics of the law was both “harmful and an embarrassment”.

The row centred around a complaint filed by Mishcon de Reya senior data protection specialist Jon Baines in September, acting in a personal capacity, and published in the form of an open letter to Information Commissioner John Edwards.

At the time, the ICO rejected the complaint, but within days the regulator had issued yet another warning – its third in sixth months – as it rifled off a barrage of letters, which gave offending but unnamed companies 30 days to ensure compliance or else.

ICO executive director of regulatory risk Stephen Almond, who leads the team responsible for governing emerging technology, says that this offensive has generated “an overwhelmingly positive response” .

In a blogpost, he said that, out of 53 websites which received warning letters, 38 have changed their cookie banners to be compliant – a cohort which appears to include MailOnline, albeit hidden in the site’s privacy policy which was updated yesterday – and four have committed to reach compliance within the next month.

Meanwhile “several” others are working to develop alternative solutions, including contextual advertising and subscription models. The ICO says it will provide further clarity on how these models can be implemented in compliance with data protection law in the coming month.

Almond commented: “We expect all websites using advertising cookies or similar technologies to give people a fair choice over whether they consent to the use of such technologies. Where organisations continue to ignore the law, they can expect to face the consequences.

“We will not stop with the top 100 websites. We are already preparing to write to the next 100 – and the 100 after that.”

To accelerate its action, the ICO is now developing an AI solution to help identify websites using non-compliant cookie banners. Quite why it has taken so long is not known; the Advertising Standards Authority has been using its Active Ad Monitoring AI tool since June 2022.

The ICO is also due to run a ‘hackathon’ event in the coming weeks to explore what this AI solution might look like in practice.

Almond continued: “Our advice to all organisations is to take action now to become compliant. We can already see the ripple effect of our intervention with many organisations making changes to cookie banners without receiving a letter from us.

“And as we’ll be steadily working our way through the list of websites offering services to UK users to give them all the same message, it makes sense to be compliant before the regulator comes knocking.”