ICO hopes to crumble cookie law

Information Commissioner calls for cookie law rethink from EU


The cookie law needs to be amended, the British Information Commissioner has advised the EU, which is examining whether to tweak the ePrivacy Directive alongside wider data regulation changes.

Four years ago, the Information Commissioner's Office (ICO) ordered websites to warn users when they use cookies, code that tracks people as they move around a site and the wider web. The rule meant web users must click away a banner warning about cookie use when they visit a site for the first time, as the vast majority of websites use cookies in some way. 

The ICO's submission to the EU's consultation on the issue says the rules should be tweaked to "achieve a proportionate balance" between privacy rights and "legitimate interests of information society services". 

It suggested the consent model - which has led to the proliferation of nagging cookie warning banners - may not be the best method. "There is a case for an exemption or an alternative basis for processing other than consent, particularly in cases where the privacy impact on the individual is minimal," the ICO submission notes.

It added: "Requiring consent for the processing of personal data has not delivered the expected protection for individuals because some personal data must be processed in order for the consent mechanism to operate." In other words, the warning banners themselves use cookies. 

The ICO disagreed with a proposal from the EU to require websites to offer a cookie-free version of their content, as anyone who doesn't want a cookie placed on their device has no option but to stop viewing the page. 

"Revised e-Privacy rules should avoid dictating business models, especially where there is minimal privacy impact for the individual," the ICO noted. 

The EU consultation closed on 5 July, and a new legislative proposal on ePrivacy is expected before the end of this year. 

While the UK has voted to leave the EU, we'll still have to adhere to its data protection laws, the ICO said, in order to continue trading and operating with member states. 
