ICO sends warning letters to top UK sites, citing lack of “Reject All”

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

Colorado Releases Shortlist of Potential Enforceable Universal Opt-out Mechanisms

The Colorado Department of Law released a shortlist of Universal Opt-Out Mechanisms that, if approved, organizations will be required to respect starting July 1, 2024 pursuant to the Colorado Privacy Act.

The shortlist consists of Global Privacy Control (GPC), which must currently be respected under California law, as well as two additional mechanisms: “OptOutCode” and “Opt-Out Machine”.

The shortlist is open for public comment through December 11, 2023, and the final list will be released January 1, 2024. 

TAKEAWAY

Global Privacy Control is currently only available on web browsers, but OptOutCode would send UOOM signals via mobile and IoT devices. Opt-Out-Machine would send opt-out requests via email, primarily to data brokers.   

Read more: Which state laws require respect of Universal Opt-Out Mechanisms? Check our our US State Privacy Comparison Chart.

UK

ICO Warns Companies Failing to Comply with Cookie Guidance

 The UK Information Commissioner’s Office (ICO) has sent warnings to “some of the UK’s top websites” giving them 30 days to ensure compliance with the law.

The warnings cite that websites must give users fair choice over whether to be tracked for personalised advertising and must make it as easy for users to “Reject All” advertising cookies as it is to “Accept All’. 

TAKEAWAY

The ICO issued a joint paper with the Competition Markets Authority (CMA) in August 2023 setting out their shared expectations of how companies should present information and choice to users of digital services and listing several examples of potentially harmful practices.

One such example was including an “allow all” button to consent to non-essential cookies without an equivalent “reject all” (or similar) button to refuse consent with the same ease, at the same layer.

At the same time, the ICO made an announcement on its website warning that the ICO would be assessing cookie banner of the most frequently used websites in the UK and taking action where harmful design was affecting consumers. 

Read more: UK websites urged to add “reject all” button – what that means

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.