CookieLaw Blog December 19, 2012

ICO Publishes Updated Cookie Enforcement Report

Yesterday the ICO published its much anticipated update to its enforcement activity for compliance with the cookies law. It is not as dramatic a document as some had perhaps expected or hoped for.  There are no announcements of big fines. 

It is however a considered opinion on the state of play, and gives some pointers to both their concerns about compliance, as well as the concerns of consumers.

They note that only a small number of consumer complaints have been received about websites – 550 up to 21 November.  To put it in context, this is about 1% of the volume of complaints they got about unwanted text messages and phone calls in the same period.

However, this also has to be taken in the context of the fact that people have a much greater awareness of their ability to complain about the latter activity, and perceive it as more intrusive on their lives.  If they knew better what uses cookies can and sometimes are put to, they might think differently about their level of intrusiveness.

The report goes on to highlight the types of concerns consumers have about cookies, with two themes dominating:

  • people are unhappy with implied consent mechanisms
  • they believe that they are not being given enough information on how to manage cookies.

I think this is not entirely surprising, when you look at how the majority of websites have chosen to interpret ‘implied consent’.

The most common approach is nothing more than an informational banner.  It is a ‘like it or lump it’ message, which is both a minimalistic definition of implied consent and in the long term self-defeating. This type of message highlights to users that there is something they might want to get concerned about, but it does not offer any simple solution to that problem, other than to leave the website.

Some go a little further provide links to information about how to manage cookies via browser controls.  This despite the fact that the ICO clearly stated in its guidance that browser controls are insufficient to be relied upon.  Of the four sites highlighted in the ICO’s report, only one, the BBC website, actually offers visitors the abillity to control cookies simply and easily.

So it is perhaps no wonder that those people who are aware of the law, either feel cheated by it or that all it does is make the website look less well designed.  It does not mean that it is a bad law in and of itself, but that the response to the law by many in the web business has been poor.

Our approach in building our Optanon platform was very different. We decided that site visitors should be given the ability to directly instruct the website what uses of cookies they are prepared to accept, and for the website owner to respond.

We believe this is a true model of implied consent – one which provides clear information, and a chance to act on that in a user friendly way, immediately and in a site specific manner.

What we are finding now is that more website owners are coming round to this view. Privacy concerns among consumers are on the rise, as is the understanding of just how much data is being collected, and collated about them.  

Several surveys this year have highlighted increased concerns, and changes in behaviour with people abandoning websites where they don’t feel their privacy preferences are respected.

If more websites offered choice to consumers – to opt out of using cookies with simple controls, built into the website itself, then much of the concern about the dominant interpretation of implied consent we see now itself may die away. 

This not only builds more trust from visitors, it may serve to reduce pressure to move towards the less business-friendly opt-in model that website owners are really afraid of.

Recent Posts


January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter