The ICO’s own Cookie Policy is not Compliant with GDPR

Following complaints by users, the UK’s data protection authority admits that its current consent notice relating to the use of cookies on devices failed “to meet the required GDPR standard”.

The issue concerns the automatic placing of cookies on a user’s mobile device when accessing the ICO’s website. Placing cookies automatically essentially deprives users of the option to give consent, which is in breach of the Privacy and Electronic Communications Regulations 2003, which sit alongside GDPR.

The ICO acknowledged the mistake and informed users that it will be updating its use of cookies to the GDPR standard of consent.

This discrepancy comes on the heels of an inspection by the European Data Protection Supervisor (EDPS) into the websites of ten major EU institutions and public bodies. The inspection found that seven of those ten had data protection issues and were either non-compliant with the ePrivacy Directive or failed to follow EDPS guidelines.

The irony has not been lost on users, who have begun doubting that there is a compliant tool to use in their GDPR efforts.