Search

How can we help?

Icon

Are we suffering from cookie fatigue?

An over-indulgence in Easter treats might not be the only cookie fatigue that individuals will suffer this year according to the Information Commissioners Office (ICO).

What is cookie fatigue?

It is not unusual for internet users to be flooded with various cookie pop-ups that restrict access when trying to visit online websites. As such, there are increasing concerns that individuals are clicking “I agree” to these pop-ups without really understanding what they are agreeing to.

So what is a cookie? Cookies contain a small amount of information which a provider of an online service can implant onto the terminal equipment of an individual’s device when they visit a website. When this data can be linked to a name, address or email it will amount to personal data.

What are the ICO’s comments and suggestions on tackling cookie fatigue?

Cookie fatigue can lead to a loss of control over users personal data and the ICO has suggested that individuals should be able to control their own privacy settings on website browsers, software applications and personal device settings, instead of through repeated pop-ups every time a website is visited. Not only is this suggestion already technologically possible, it is also compliant with the relevant data protection laws and can save organisations both time and costs, as well as improve overall user experience.

Jesse Akiwumi

Trainee Solicitor

View profile

+44 118 960 4662

Cookies contain a small amount of information which a provider of an online service can implant onto the terminal equipment of an individual’s device when they visit a website.

The ICO has made various statements regarding cookies and the rising risk of cookie fatigue;

  • In 2021, the ICO called on the G7 data protection authorities to help to tackle this issue.

The ICO believes that the G7 authorities can play a major role in encouraging technology firms and standards organisation to develop privacy-oriented solutions worldwide.

  • In August 2023, the ICO worked alongside the Competition and Markets Authority (CMA) to jointly publish a blog and position paper.

The paper calls for organisations to stop using harmful website design practices which can mislead users into giving more personal data than they would have intended. Examples of these harmful techniques include bundling privacy choices together in ways that push users to share more data than they would like. Both the ICO and the CMA made it clear that organisations must make it as easy for users to ‘Reject All’ advertising as it is to ‘Accept All’.

  • In November 2023, the ICO warned some of the UK’s most visited websites to make cookie changes.

The ICO published a statement announcing that is has written to numerous companies to warn them of potential enforcement action if they fail to give individuals fair choices over whether or not to be tracked for personalised advertising.

The companies were given 30 days to comply. The ICO published an update in January this year stating that 38 out of the 53 organisations that were contacted have changed their cookie banners to be more complaint. The ICO announced that it will not stop here and are already planning to write to other websites and organisations that continue to ignore the law. The ICO will also run an event early this year to explore and develop an AI solution to help streamline the identification process of websites that use non-compliant cookie banners and have encouraged websites to ‘be compliant before the regulator comes knocking’.

What other developments have been made?

During the European Data Protection Board’s (EDPB) latest plenary in December 2023, the EDPB adopted a letter in response to the European Commission regarding the cookie pledge voluntary initiative.

The cookie pledge is a voluntary business pledge to simplify the management of cookies and personalised advertising choices by consumers. Alongside the draft principles, the pledge requires that once consent has been refused it should not be asked again for a year. The pledge was developed in response to, and aims to address, concerns regarding cookie fatigue.

Clarkslegal has a team of specialist privacy and data protection lawyers providing expert guidance on a range of data protection issues to achieve compliance. Please do not hesitate to contact our data protection team.

About this article

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Jesse Akiwumi

Trainee Solicitor

View profile

+44 118 960 4662

About this article

Read, listen and watch our latest insights

art
  • 04 November 2024
  • Privacy and Data Protection

FAQs – Data Subject Access Requests

Any individual who may be identified from any form of document, whether directly or indirectly, is a data subject.

art
  • 29 October 2024
  • Privacy and Data Protection

The ICO’s 2024-2025 priorities for protecting children’s personal information online

The Information Commissioner Officer (the “ICO”) has set out its 2024-2025 priorities for protecting children’s personal information online.

art
  • 12 September 2024
  • Privacy and Data Protection

2024 in review: tracking key data protection developments

As we approach the final quarter of 2024, it’s an opportune moment to revisit the data protection trends and developments that were anticipated at the end of 2023. Now, let’s see how those predictions have played out.

art
  • 02 September 2024
  • Employment

Social Media – how private is your personal data

Nowadays most people have at least one social media account. Whether it’s Facebook or TikTok, X, or LinkedIn, most adults have an online presence.

art
  • 29 August 2024
  • Privacy and Data Protection

What a controller or a processor needs to know…in a nutshell

Data processing agreements are a common feature of contracts for the supply of services, for example often featuring as self-contained schedules to master services agreements.

Pub
  • 20 August 2024
  • Privacy and Data Protection

Data Protection unlocked for HR: How to ensure compliance?

In the second episode of the ‘Data Protection Unlocked for HR’ podcast series, Harry Berryman and Shauna Jones, members of the Clarkslegal data protection team, share invaluable insights on how HR can ensure compliance, safeguard employee data, and maintain privacy standards.