ICO warns that cookie banner enforcement will continue

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

Connecticut AG Releases Privacy Enforcement Report

Pursuant to the Connecticut Data Privacy Act (CTDPA), Connecticut Attorney General Tong released a report documenting his office’s enforcement efforts in the six months since the CTDPA went into effect.

The report highlighted four enforcement focus areas:

(1) privacy policies / rights mechanisms, including failure to include a clear and conspicuous link to a webpage enabling consumers to opt out of targeted advertising or the sale of personal data;

(2) sensitive data, citing several examples and reminding that the CTDPA requires businesses to obtain Connecticut residents’ freely given, specific, informed and unambiguous consent before processing such data;

(3) teens’ data, specifically citing an inquiry into the targeted advertising practices of a peer messaging app directed to teens;

(4) and data brokers, citing an inquiry into a data broker that identified an individual for a cremation service marketing list after the individual had recently completed chemotherapy.

The report also included several recommendations for further revisions to the law based on requirements in other states, including a universal deletion mechanism (as will be required under California’s Delete Act) and a right to receive a list of specific third-party recipients of personal data (as will be required in Oregon).  

Read more:

Connecticut enacts privacy law: what you need to know

EUROPE

ICO Warns that Cookie Banner Enforcement Will Continue

After sending warning letters to some of the UK’s top websites in late November, giving them 30 days to bring their cookie banners into compliance, the ICO posted an update on the status of those efforts, including a warning that they won’t stop there.

Of the 53 organisations contacted, 38 changed their cookie banners to be compliant, 4 committed to reach compliance within the next month, and others are working to develop alternative solutions, such as contextual advertising or subscription models.

As next steps, the ICO plans to steadily work their way through the list of websites offering services to UK users. They are also developing an AI solution to help identify websites using non-compliant cookie banners. 

TAKEAWAY

The original warning letters specifically cited that organisations must give users fair choice over whether to be tracked for personalised advertising and must make it as easy for users to “Reject All” advertising cookies as it is to “Accept All’.

In its recent update, the ICO recommended that organisations “take action now” to become compliant, specifying, “we expect all websites using advertising cookies or similar technologies to give people a fair choice over whether they consent to the use of such technologies.”

Read more:

ICO sends warning letters to top UK sites, citing lack of “Reject All”

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.