CookieLaw Blog December 4, 2014

Ignoring Do Not Track Risks Cookie Law Compliance

The UK’s most used cookie law compliance model is not compliant if Do Not Track requests are ignored by websites setting tracking cookies, according to the UK Information Commissioners Office (ICO) case work team.

In a response to a question posed about a common website set up, we have been told: “a website must act on the DNT request in order to comply”.

More details of the exchange are below, but in short this means that most websites in the UK are running a significant compliance risk, even if the regulator’s current priorities make the chances of enforcement action pretty slim at the moment.

One of the reasons that cookie notices are disliked by visitors is that most of them simply say that cookies are in use and continuing on the site is deemed to be consent for this.

The reason this can be interpreted as valid under the law, is that it contains a clause stating that consent can be signified through browser settings. 

 “For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.”

Therefore if the site says ‘ you can change your browser to block cookies’ it essentially puts the responsibility back on the user, without having to make any changes to the site itself – which for the owner avoids costs.  Users can directly block cookies, so it they don’t, then this logic states that consent can be implied by the non-action.

This is a pretty loose interpretation of the law at the best of times, but is one widely used by websites to claim they are compliant, without offering any real user choice.  Most users don’t take change cookie settings because doing so gives you a terrible user experience on most websites – and often results in a lot of lost functionality.

Recent Posts


January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter