Privacy watchdog’s website falls foul of GDPR
THE privacy regulator’s own website does not conform to data protection laws, the authority has admitted.
The Information Commissioner’s Office (ICO) conceded that its use of cookies – tracking files used to record information about website visits – was not up to the standards set by the EU’S strict privacy laws.
The General Data Protection Regulation (GDPR) requires organisations to ask permission before placing these files on a computer, but the ICO’S website says it relies on “implied consent”.
Adam Rose, a lawyer at Mishcon de Reya, uncovered the flaw after complaining to the organisation about cookies. In an email to him, the ICO said: “I acknowledge that the current cookies consent notice on our website doesn’t meet the required GDPR standard,” and adds that it is in the “process of updating” its procedures to comply.
The GDPR came into force more than a year ago, and caused many businesses to spend thousands of pounds updating their systems to ensure that they were compliant. The law is particularly stringent on the issue of consent, which must be unambiguous and given with the consumer’s full knowledge of what they are agreeing to.
Penalties for failing to comply range from €10 million (£8.95m), or 2 per cent of a company’s revenue, to €20million or 4 per cent of its revenue.
Lawyers and industry experts said the policy suggests the authority, which enforces GDPR in the UK, had failed to conform to the standards it was meant to be upholding.
“Given the amount of effort some people go to to comply, it’s deeply ironic that @Iconews are lacking in their cookie policy,” said Simon R Jones, a Cambridge-based developer.
“This shows that even the regulator is not immune from the complexities of getting website notices right,” said Rafi Azim-khan, a partner at Pillsbury Law.
The ICO said it had been “open for some time” about the cookie tools and confirmed it would update them from next Monday.
It added that it would also be publishing “updated, detailed guidance on cookies for organisations soon”.