ICO hopes to crumble cookie law

Information Commissioner calls for cookie law rethink from EU


The cookie law needs to be amended, the British Information Commissioner has advised the EU, which is examining whether to tweak the ePrivacy Directive alongside wider data regulation changes.

Four years ago, the Information Commissioner's Office (ICO) ordered websites to warn users when they use cookies, code that tracks people as they move around a site and the wider web. The rule meant web users must click away a banner warning about cookie use when they visit a site for the first time, as the vast majority of websites use cookies in some way. 

Advertisement - Article continues below

The ICO's submission to the EU's consultation on the issue says the rules should be tweaked to "achieve a proportionate balance" between privacy rights and "legitimate interests of information society services". 

It suggested the consent model - which has led to the proliferation of nagging cookie warning banners - may not the best method. "There is a case for an exemption or an alternative basis for processing other than consent, particularly in cases where the privacy impact on the individual is minimal," the ICO submission notes.

It added: "Requiring consent for the processing of personal data has not delivered the expected protection for individuals because some personal data must be processed in order for the consent mechanism to operate." In other words, the warning banners themselves use cookies. 

Advertisement - Article continues below

The ICO disagreed with a proposal from the EU to require websites to offer a cookie-free version of their content, as anyone who doesn't want a cookie placed on their device has no option but to stop viewing the page. 

Advertisement - Article continues below

"Revised e-Privacy rules should avoid dictating business models, especially where there is minimal privacy impact for the individual," the ICO noted. 

The EU consultation closed on 5 July, and a new legislative proposal on ePrivacy is expected before the end of this year. 

While the UK has voted to leave the EU, we'll still have to adhere to its data protection laws, the ICO said, in order to continue trading and operating with member states. 

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now

Most Popular


How to find RAM speed, size and type

24 Jun 2020

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020