Regulator Issues Privacy Ultimatum to UK’s Top Websites

Written by

The UK’s privacy regulator has warned website owners operating in the country that they face enforcement action if they don’t make urgent changes to comply with data protection law.

The issue relates to advertising cookies – small files that sites place in a user’s browser to remember information about them. While this can improve the browsing experience by remembering saved passwords, cards and shopping cart items, some users don’t want to be tracked and/or served targeted ads.

The Information Commissioner’s Office (ICO) said it wants websites to make it as easy for users to “reject all” advertising cookies as it is to “accept all” – complaining that many sites don’t provide a fair choice. This is in contravention of the country’s GDPR/Data Protection Act 2018 and Privacy & Electronic Communications Regulation (PECR).

The regulator said it has already issued clear guidance on the matter and has now written to the companies running “many of the UK’s most visited websites,” giving them 30 days to comply with the law.

“We’ve all been surprised to see adverts online that seem designed specifically for us – an ad for a hotel when you’ve just booked a flight abroad, for instance. Our research shows that many people are concerned about companies using their personal information to target them with ads without their consent,” explained ICO executive director of regulatory risk, Stephen Almond.

“Gambling addicts may be targeted with betting offers based on their browsing record, women may be targeted with distressing baby adverts shortly after miscarriage and someone exploring their sexuality may be presented with ads that disclose their sexual orientation.”

Read more on cookies: ICO Requests International Support to Tackle Cookie Pop-Ups

The ICO has a range of powers it can levy under the “enforcement action” banner, including assessment notices, warnings, reprimands, enforcement notices and penalty notices.

“Many of the biggest websites have got this right,” Almond concluded. “We’re giving companies who haven’t managed that yet a clear choice: make the changes now, or face the consequences.”

What’s hot on Infosecurity Magazine?