Stephen Almond, Executive Director, Regulatory Risk, leads the ICO’s team responsible for anticipating, understanding and shaping the impacts of emerging technology and innovation on people and society.
Last November we wrote to 53 of the UK’s top 100 websites, warning that they faced enforcement action if they did not make changes to advertising Cookies to comply with data protection law.
We’ve had an overwhelmingly positive response to our call to action. Of the 53 organisations we contacted, 38 organisations have changed their Cookies banners to be compliant and four have committed to reach compliance within the next month.
Several others are working to develop alternative solutions, including contextual advertising and subscription models. We will provide further clarity on how these models can be implemented in compliance with data protection law in the next month.
We expect all websites using advertising Cookies or similar technologies to give people a fair choice over whether they consent to the use of such technologies. Where organisations continue to ignore the law, they can expect to face the consequences.
We will not stop with the top 100 websites. We are already preparing to write to the next 100 – and the 100 after that.
To accelerate our efforts we are developing an AI solution to help identify websites using non-compliant cookie banners. We’ll run a ‘hackathon’ event early in 2024 to explore what this AI solution might look like in practice.
Our advice to all organisations is to take action now to become compliant. We can already see the ripple effect of our intervention with many organisations making changes to cookie banners without receiving a letter from us.
And as we’ll be steadily working our way through the list of websites offering services to UK users to give them all the same message, it makes sense to be compliant before the regulator comes knocking.