ICO to use AI to test website cookie compliance

Continuing its robust efforts to address compliance issues with cookie tracking on websites, The Information Commissioner's Office (ICO) is set to use artificial intelligence to help identify non-compliant websites. So far, its warnings have focused on a website’s ability to offer users impartial options around personalised advertising tracking, emphasising the importance of making it just as easy for users to reject advertising cookies as it is to accept them.  

In December 2023, the data protection regulator issued warning letters to 100 of the UK's most visited websites requesting them to make changes to give users free choices around advertising cookies. 

The regulator expects all websites which deploy advertising cookies or similar technologies to give people a fair choice on their use. To this end, the regulator is now exploring adopting an AI solution to drive its enforcement action further.  

The ICO stated: 

We will not stop with the top 100 websites. We are already preparing to write to the next 100 – and the 100 after that. To accelerate our efforts, we are developing an AI solution to help identify websites using non-compliant cookie banners. We’ll run a ‘hackathon’ event early in 2024 to explore what this AI solution might look like in practice.

How these potential enforcement tools will be rolled out in practice remain to be seen. However, what is clear that the ICO has warned of its continuing powers to clampdown on non-compliant businesses. As such, now is the time for businesses to get their houses in order and ensure compliance with cookie law rules.  

Becky White, our Senior Data Protection Solicitor, comments: 

It’s very easy for companies to get cookie compliance wrong, but as the ICO is making it a clear focus, it’s a risk area which requires prioritisation. Once a company has a compliant process is in place, and relevant staff are aware of how to maintain it, cookie compliance is a relatively low resource box to tick, so it makes sense for companies to tick it sooner rather than later

What can your business do to comply with cookie law rules? 

To avoid any potential issues and build a positive reputation among website users, we recommend businesses: 

Audit your cookie policies: conduct a thorough review of your website's cookie policies to ensure they align with data protection legislation (such as the Privacy and Electronic Communications Regulations) and ICO guidelines and that they are update. 

Update your cookie consent mechanism: make it a priority to provide users with fair and accessible choices when it comes to personalised advertising tracking. Transparency is key in building trust with your audience.  Make sure that the mechanism is effective and that the installation of (non-essential) cookies is being blocked until users have consented.  

Educate your team: ensure that your team is appropriately informed about the latest developments in data protection laws. Create a process and provide training to ensure any changes to the cookies your website or app uses is reflected in your cookie policy and consent mechanism. 

In summary, now is the time for your website to get on top of cookie law compliance. The ICO’s continuing clampdown is a grave warning to businesses to take compliance seriously.  

If the ICO’s proposed AI solution is developed to identify non-compliant cookie banners, it may be that the regulator accelerates its enforcement and penalises businesses quicker.  

A lot of businesses find cookie banners and cookie law compliance difficult to navigate practice. However, prevention is always better than cure and it is far better to achieve compliance now rather than face the threat of regulatory action against your business. Our team of friendly, specialist data protection solicitors can help you implement these points with advice tailored to your business’ requirements, or for additional information, read our FAQs on cookie consent.