UK commissioner warns top websites: allow “Reject All” cookies or else

Websites in Britain have 30 days to ensure that they allow users to “Reject All” advertising cookies in the same way they can “Accept All.” Those who fail to comply with data protection laws will “face enforcement action.”

Britain’s Information Commissioner’s Office (ICO) set a deadline for the country’s top websites to comply with data protection laws.

“Some websites do not give users fair choices over whether or not to be tracked for personalized advertising. The ICO has previously issued clear guidance that organizations must make it as easy for users to “Reject All” advertising cookies as it is to “Accept All,” the press release reads.

Companies running many of the UK’s most visited websites received written warnings from the regulator to make the cookie changes, giving them 30 days to ensure compliance.

Websites can still display adverts when users reject all tracking but must not tailor these to the person browsing.

“Many of the biggest websites have got this right. We’re giving companies who haven’t managed that yet a clear choice: make the changes now, or face the consequences,” said Stephen Almond, ICO Executive Director of Regulatory Risk.

The regulator's research reveals that many people in Britain are concerned about companies using their personal information to target them with ads without their consent.

We’ve all been surprised to see adverts online that seem designed specifically for us – an ad for a hotel when you’ve just booked a flight abroad, for instance,” Almond explained. “Gambling addicts may be targeted with betting offers based on their browsing record, women may be targeted with distressing baby adverts shortly after miscarriage, and someone exploring their sexuality may be presented with ads that disclose their sexual orientation.”

A detailed update on companies that have not addressed ICO’s concerns will be provided in January.

Back in August 2023, the ICO warned website owners that it’s time to end damaging design practices that harm users, urging them to stop making certain options easier to find or steering users to make a particular choice in other ways.

Numerous popular websites in the United Kingdom, including The Times and The Guardian, do not provide a single-click option to refuse cookies, usually, they redirect users to a settings page, The Record checked.

Cookie consent pop-ups, intended to give users more control, were introduced in accordance with European Union legislation, such as the General Data Protection Regulation (GDPR). The UK kept the same laws after Brexit.

The ICO’s move comes after TikTok was slapped with a $5.4m fine for its cookies policy in France. French personal data regulator CNIL said TikTok cookie policy was being pushed onto users without due explanation.