Cookie consent banners draw complaints

Information Commissioner's Office admits users "unhappy" with cookie warning banners

Nicole Kobie
18 Dec 2012

Web users are "unhappy" with the banners used to gain "implied consent" to meet new cookie laws, the Information Commissioner's Office has admitted in a report.

The data watchdog was tasked with enforcing an EU directive, which stated web users must be asked for consent before a site drops a tracking cookie on their computer.

The law came into force at the end of May, and the ICO said at the last minute that websites would be considered compliant if they prominently warned users that cookies were in use - a solution dubbed "implied consent" that has been used by major many websites, from the BBC to PC Pro, and even the ICO itself.

A significant number of people also raised concerns about the new rules themselves and the effect of usability of websites

Since its reporting tool went online at the end of May until the end of November, the ICO received 550 complaints about websites - an average of three per day, the report revealed.

At the same time, the watchdog received 53,000 complaints about spam texts and marketing calls, which the ICO said suggests "consumers' level of awareness and concern about cookies is relatively low."

The ICO audited 200 of the top sites visited by UK users, and any that had received a complaint via the online reporting tool, saying "almost all" of the sites that had taken "significant" steps to address cookies were relying on an implied consent banner - and that was irritating users.

"The majority of concerns from consumers about these sites related to their use of implied consent," it said, adding that one of the major themes of consumer complaints was that people "are unhappy with implied consent mechanisms, especially where cookies are placed immediately on entry to the site".

"A significant number of people also raised concerns about the new rules themselves and the effect of usability of websites," the ICO admitted.

Of the 550 sites reported, 45% provided some information about cookies, and 84% did ask permission to drop cookies.

Letter of the law

The ICO has already taken action to target sites that have received complaints. This autumn, it conducted a "basic visual audit" of 207 of those sites, finding 43% had obtained consent, 33% had taken "limited steps" to make users aware of cookies, and 23% had done nothing.

The watchdog wrote to 100 sites that had been reported - including PC Pro - alerting them of the complaints and "asking them to ensure they are compliant".

"Having visited your website, we are pleased to note you appear to have taken steps to comply, so we are writing to you at this point for information and to encourage you to check your site is fully compliant," the letter reads. "At this point we have not conducted a thorough audit of your site. This letter does not confirm your site is compliant, or suggest it is not, but is intended to keep you informed."

"We do not require a response to this letter and do not intend to take any further action at this point," the letter adds.

The ICO said it was considering 14 sites for further investigation. One of the sites it wrote to in its original letter campaign in May hadn't taken any steps to meet the rules, and the ICO said it would contact the organisation to set a deadline for compliance - and may "name the site" in order to make consumers aware.

The watchdog added that any action it takes would be "proportionate to the risk to consumers", but said if a company refuses to comply, or its use of cookies is "particularly privacy-intrusive", it will consider using its regulatory powers. Those include fines of up to £500,000, but the ICO said earlier this year that fines would be unlikely.

Read more about: