ICO warns that cookie banner enforcement will continue

Julie Rubash, General Counsel and Chief Privacy Officer
February 5, 2024

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.


Connecticut AG Releases Privacy Enforcement Report

Pursuant to the Connecticut Data Privacy Act (CTDPA), Connecticut Attorney General Tong released a report documenting his office’s enforcement efforts in the six months since the CTDPA went into effect.

The report highlighted four enforcement focus areas:

(1) privacy policies / rights mechanisms, including failure to include a clear and conspicuous link to a webpage enabling consumers to opt out of targeted advertising or the sale of personal data;

(2) sensitive data, citing several examples and reminding that the CTDPA requires businesses to obtain Connecticut residents’ freely given, specific, informed and unambiguous consent before processing such data;

(3) teens’ data, specifically citing an inquiry into the targeted advertising practices of a peer messaging app directed to teens;

(4) and data brokers, citing an inquiry into a data broker that identified an individual for a cremation service marketing list after the individual had recently completed chemotherapy.

The report also included several recommendations for further revisions to the law based on requirements in other states, including a universal deletion mechanism (as will be required under California’s Delete Act) and a right to receive a list of specific third-party recipients of personal data (as will be required in Oregon).  

Read more:

Connecticut enacts privacy law: what you need to know


ICO Warns that Cookie Banner Enforcement Will Continue

After sending warning letters to some of the UK’s top websites in late November, giving them 30 days to bring their cookie banners into compliance, the ICO posted an update on the status of those efforts, including a warning that they won’t stop there.

Of the 53 organisations contacted, 38 changed their cookie banners to be compliant, 4 committed to reach compliance within the next month, and others are working to develop alternative solutions, such as contextual advertising or subscription models.

As next steps, the ICO plans to steadily work their way through the list of websites offering services to UK users. They are also developing an AI solution to help identify websites using non-compliant cookie banners. 


The original warning letters specifically cited that organisations must give users fair choice over whether to be tracked for personalised advertising and must make it as easy for users to “Reject All” advertising cookies as it is to “Accept All’.

In its recent update, the ICO recommended that organisations “take action now” to become compliant, specifying, “we expect all websites using advertising cookies or similar technologies to give people a fair choice over whether they consent to the use of such technologies.”

Read more:

ICO sends warning letters to top UK sites, citing lack of “Reject All”

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Vermont Data Privacy Bill Is Vetoed

June 17, 2024

Vermont Governor announced his veto of a bill that...

You Are Who You Work With: Cookie Consent and Data Privacy

June 11, 2024

Who you work with for consent management and data...

Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

June 10, 2024

Texas Attorney General announced a data privacy and security...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]