Under General Data Protection Regulation (GDPR), organisations are obligated to ask for permission before placing files on a user’s computer. However, the ICO website says its cookies policy operates on the basis of “implied consent”.
The flaw was brought to light by Adam Rose, a lawyer at Mishcon de Reya, after he sent a complaint to the Information Commissioner’s Office (ICO).
Cookies are small tracking files which are used to record information about when users visit a website.
Following the revelation, Information Commissioner said the regulator will be upgrading its cookie tools next week. In addition, the ICO said it would also be publishing “updated, detailed guidance on cookies for organisations soon”.
In an email to Rose, the ICO said: “I acknowledge that the current cookies consent notice on our website doesn’t meet the required GDPR standard,” adding that it was in the “process of updating its procedures to meet GDPR.
- ICO Launches Data Privacy Awareness Campaign
- Facebook Rejected an AI Tool to Tackle Online Hate Speech
- Trans Children’s Charity ‘Deeply Sorry’ for Data Breach
GDPR, which came into effect in May of last year, takes a tough stance in regards to the issue of user consent. Organisations must be clear with consumers about what they are agreeing to when they grant their consent.
Failure to do can result in harsh penalties, which can range from £8.95 million, or 2-4% of an organisation’s annual revenue. Commentators have observed the irony that the regulatory body (the ICO) tasked with enforcing the policy does not comply with it.