Shorter Reads

Website cookies crumble as they fail to meet legislation

Over a year after the Information Commissioner’s Office introduced new guidelines on website cookies, a large proportion of UK websites are failing to meet the new regulations, leaving website visitors’ data open to abuse and website owners open to significant fines.

 


Published 13 January 2021


Key information

Collyer Bristow warns that, following the closure of businesses during the current and past lockdowns and increasing reliance on online operations, the Information Commissioner’s Office (ICO) is placing a greater focus on website cookies and their compliance.

Cookies are small files that are downloaded onto the devices of website visitors. They enable a website to remember information regarding visitor activity on the site, such as the contents of shopping baskets. They are also commonly used to target advertising at website visitors depending on browsing history or other preferences.

Website owners have been vigilant in meeting GDPR requirements but, in our experience, often overlook cookie policies and practice. Good cookie practice is crumbling, leaving website owners open to sanctions.

UK websites may only automatically place onto users’ devices cookies that are strictly necessary, that is, those essential for a website’s core functionality. Any other cookies can only be set if a website user gives consent, which must be freely given and easy to withdraw.

In practice, cookies commonly set by websites, such as analytics cookies, social media plug-ins, adtech cookies, and cookies tracking interactions with marketing emails that link to webpages, will need consent before they can be set. Once consent to those cookies has been obtained, website visitors must be able at any time to withdraw that consent as easily as they gave it.

This means that pre-ticked boxes or sliders defaulted to ‘on’ in respect to non-essential cookies, pop-up banners that imply consent is given if visitors continue to browse, or ‘cookie walls’ requiring visitors to agree certain cookie settings before they can access content will be problematic for website owners.

“The ICO also takes a dim view of nudging techniques where, for example, an ‘accept all cookies’ button is much larger or brighter than one that allows visitors to reject certain cookies.”

With CNIL, the French privacy watchdog, having recently fined the supermarket chain Carrefour and its banking division over €3 million for failing to obtain users’ consent before setting advertising cookies, it is clear that cookie compliance is moving up the enforcement agenda for regulators.
