ICO sends warning letters to top UK sites, citing lack of “Reject All”

Julie Rubash, General Counsel and Chief Privacy Officer
November 27, 2023

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.


Colorado Releases Shortlist of Potential Enforceable Universal Opt-out Mechanisms

The Colorado Department of Law released a shortlist of Universal Opt-Out Mechanisms that, if approved, organizations will be required to respect starting July 1, 2024 pursuant to the Colorado Privacy Act.

The shortlist consists of Global Privacy Control (GPC), which must currently be respected under California law, as well as two additional mechanisms: “OptOutCode” and “Opt-Out Machine”.

The shortlist is open for public comment through December 11, 2023, and the final list will be released January 1, 2024. 


Global Privacy Control is currently only available on web browsers, but OptOutCode would send UOOM signals via mobile and IoT devices. Opt-Out-Machine would send opt-out requests via email, primarily to data brokers.   

Read more: Which state laws require respect of Universal Opt-Out Mechanisms? Check our our US State Privacy Comparison Chart.


ICO Warns Companies Failing to Comply with Cookie Guidance

 The UK Information Commissioner’s Office (ICO) has sent warnings to “some of the UK’s top websites” giving them 30 days to ensure compliance with the law.

The warnings cite that websites must give users fair choice over whether to be tracked for personalised advertising and must make it as easy for users to “Reject All” advertising cookies as it is to “Accept All’. 


The ICO issued a joint paper with the Competition Markets Authority (CMA) in August 2023 setting out their shared expectations of how companies should present information and choice to users of digital services and listing several examples of potentially harmful practices.

One such example was including an “allow all” button to consent to non-essential cookies without an equivalent “reject all” (or similar) button to refuse consent with the same ease, at the same layer.

At the same time, the ICO made an announcement on its website warning that the ICO would be assessing cookie banner of the most frequently used websites in the UK and taking action where harmful design was affecting consumers. 

Read more: UK websites urged to add “reject all” button – what that means

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Vermont Data Privacy Bill Is Vetoed

June 17, 2024

Vermont Governor announced his veto of a bill that...

You Are Who You Work With: Cookie Consent and Data Privacy

June 11, 2024

Who you work with for consent management and data...

Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

June 10, 2024

Texas Attorney General announced a data privacy and security...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]