The Information Commissioner’s Office (ICO) has embarked on a major review of cookie usage and compliance across some of the UK’s 1,000 most-frequented websites as it prioritises giving consumers more choice and confidence in how their data is collected, stored and used.
The regulator has already investigated the top 200 UK websites and said it has found concerns with 134, or 67%, of them – which have been communicated to their owners.
The ICO said it wanted to set out clearly the expectation that website operators must comply with data protection law by giving users meaningful choices and control as to how their data is used.
“Uncontrolled tracking intrudes on the most private parts of our lives and can lead to harm. For example, gambling addicts being targeted with more betting ads due to their browsing history or LGBTQ+ people altering their online behaviour for fear of unintended disclosure of their sexuality,” said ICO executive director of regulatory risk, Stephen Almond.
“Our ambition is to ensure everybody has meaningful choice over how they are tracked online and what we’re publishing today sets out how we intend to achieve that.
“Last year, we saw significant improvements in compliance among the top 200 websites in what was a promising step forward for the industry. Now, we are expanding our focus to the top 1,000 websites – and beyond that to apps and connected TVs.
“We’ll continue to hold organisations to account, but we’re also here to make it easier for publishers to adopt compliant, privacy-friendly business models. By combining advice, guidance and targeted enforcement, we aim to create an environment where businesses can succeed and people can have trust and control over their online experiences,” said Almond.
Meaningful control
The concept of giving end-users meaningful control is one to which the ICO is cleaving in its 2025 strategy, through which it hopes to address the “significant harm” that can occur to ordinary people when online tracking practices are abused or misused.
Complementing this strategy are a number of new measures to support businesses in adopting privacy-friendly practices and business models. These include the publication of draft guidance on tracking people using storage and access technologies such as cookies and fingerprinting; final guidance on the use of so-called consent-or-pay business models to help businesses balance tech innovation and revenue with data protection law; and potential reforms to support the use of new, privacy-preserving adtech, such as contextual models.
Consent-or-pay models
The final guidance on consent-or-pay models – which is now available for organisations to review via the ICO’s website – covers the practice of offering a choice between agreeing to receive personalised, targeted advertising to access a service for free, or paying for the service to avoid these adverts.
In essence, it clarifies how organisations can use these models to give website visitors meaningful control while still supporting their own economic viability. It includes a set of best practices against which organisations should be prepared to assess their models to demonstrate their users have freedom of choice and consent.
“Tracking should work for everyone,” said Almond. “Giving people clear choices and confidence in how their information is used, while enabling businesses to operate fairly and responsibly. Our strategy ensures both.”
#ICO #launches #major #review #cookies #websites
