Our offices are closed between Christmas and New Year, click to see our opening times.

Find out more

Advertising Cookies and Threat of ICO Enforcement Action

Published: February 1st, 2024

7 min read

The ICO (Information Commissioners Office) has warned this week that it will take enforcement action against organisations using advertising cookies on website without consent of users. This follows an earlier announcement at the end of last year, where the ICO wrote to organisations running the UK's top websites and gave them a period of 30 days to ensure that the cookie banners on their websites are legally compliant.

A copy of the announcement made by the ICO is available to view here.

Background

Targeting and advertising cookies are designed to track your online activity and deliver personalised advertisements to you. The use of cookies is governed by the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK General Data Protection Regulation (UK GDPR).

  • The rules set out in PECR and the UK GDPR mean that when using targeting and advertising cookies:

  • The user must take a clear and positive action to give their consent (continuing to use the website will not constitute valid consent);

  • You must inform users about what cookies your website uses and what they do, before the user consents to them being set;

  • If you use third party cookies, you must specifically name the third parties;

  • Pre-ticked boxes or sliders already set to 'accept' will not constitute valid consent; and

  • They must not appear on your landing page or start running before a user has consented to the use of cookies.

ICO Enforcement Action

Back in November 2023, the ICO wrote to the UK's top websites to warn that it had a concerns about the use of advertising cookies on their websites. This included advertising cookies being used on websites without consent, advertising cookies being placed on users before they were given the opportunity to consent and users being unable to reject advertising cookies as easily as they can accept them.

The ICO gave these organisations one month to bring their website's cookie banner into compliance with the requirements of PECR and the UK GDPR. It warned that failure to do so may result in regulatory action.

The ICO has now announced that it is expanding its work to cover a wider range of websites and will be deploying an AI solution to help identify websites using non-compliant cookies banners. Therefore, organisations should be proactive and review their cookies banner to ensure that they are legally compliant.

Analysis

The ICO has received complaints for years about harmful tracking and advertising cookies, for example in cases where self-harm may be promoted and has come under pressure to take action against the UK's top websites where there has often been a complete disregard for the law. Organisations should now being reviewing their cookie banners to ensure that they are legally compliant.

How can we help?

Complete the form opposite, let us know a few details, and one of our team will get back to you shortly. Or you can call us or request a callback.

0800 689 3206 - Monday - Friday: 09:00 - 17:00

Request a call back

Please note that our offices will be closed from midday, Friday 20th December 2024

The offices will be open as usual on Monday 23rd December 2024.

The offices will then be closed from Tuesday 24th December through to Wednesday 1st January (inc), reopening as usual from 2nd January 2025.

The emergency contact number during this time is - 01772 220022 or 01254 675050.

By submitting your enquiry you agree that Forbes can contact you.

© 2024 Forbes Solicitors is the trading name of Forbes Solicitors LLP Offices in Preston, Manchester, Salford, Blackburn, Blackpool, London and Leeds UK Main Office: Rutherford House, 4 Wellington Street (St Johns), Blackburn, Lancashire, BB1 8DD • Vat No: 174 394 344 Forbes Solicitors is authorised and regulated by the Solicitors Regulation Authority (SRA No. 816356). Details of the SRA’s Standards and Regulations can be found here.

This website has implemented reCAPTCHA v3 and your use of reCAPTCHA v3 is subject to the Google Privacy Policy and Terms of Use.