‘Reject All Cookies’ Button Now Mandatory in the UK; Noncompliant Sites Will ‘Face the Consequences,’ Says ICO


November 22, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
‘Reject All Cookies’ Button Now Mandatory in the UK; Noncompliant Sites Will ‘Face the Consequences,’ Says ICO

Websites in the UK have 30 days to redesign their cookie prompts to include a clear, straightforward way for consumers to accept or reject all non-essential cookies, keeping in line with current data protection laws.

The Information Commissioner this week issued a warning that some of the UK’s top websites face enforcement action if they fail to include “fair choices over whether or not to be tracked for personalised advertising.”

The warning comes a few months after the ICO issued guidance that organisations must make it as easy for users to “Reject All” advertising cookies as it is to “Accept All”.

“The action is part of our broader work to ensure that people’s rights are upheld by the online advertising industry,” the office says.

Netizens deserve a clear choice

In August, the data protection watchdog clarified that websites can display all the adverts they like, but must not tailor them to an individual if the person chose to reject all tracking.

The ICO is now pressing forward, giving non-compliant websites just 30 days to amend their cookie prompts.

“We’ve all been surprised to see adverts online that seem designed specifically for us – an ad for a hotel when you’ve just booked a flight abroad, for instance,” says Stephen Almond, ICO Executive Director of Regulatory Risk.

Consumers are concerned about companies using their personal information to target them with ads without their consent, the ICO’s research shows.

“Gambling addicts may be targeted with betting offers based on their browsing record, women may be targeted with distressing baby adverts shortly after miscarriage and someone exploring their sexuality may be presented with ads that disclose their sexual orientation,” Almond continues. “Many of the biggest websites have got this right. We’re giving companies who haven’t managed that yet a clear choice: make the changes now, or face the consequences.”

Cookies done right

As an example, the ICO’s own cookie prompt (pictured below) makes the options to reject or accept all cookies extremely clear, offering plenty of context and transparency about the ICO’s data collection via browser cookies.

In July, Bitdefender published a comprehensive guide about data collection through cookies, outlining the various types of cookies stored in our browsers, and when it’s advisable to accept cookies and when it’s not. We wrote at the time:

Advertising cookies are considered the most intrusive, as they’re used to deliver targeted advertisements based on your browsing behavior and interests. They track your activity across multiple websites to build a profile of you, so if you don’t care for personalized advertising, you should block or at least limit these cookies.
If you’ve accidentally accepted cookies you’re no longer sure about, use your browser’s settings menu to clear all cookies, or selectively dump cookies associated with a certain website or browsing session.

The ICO plans to issue an update on this effort in January, and threatens to name-and-shame the companies that have not addressed these concerns.

If you’re concerned about websites abusing data collection technologies, consider using Bitdefender Anti-Tracker, available with Bitdefender Total Security. It’s a lightweight browser extension specifically designed to hide your activity from trackers, increase your online privacy, and reduce the time needed for websites to load. To further protect your online identity from hackers, trackers and snoops, try our powerful Bitdefender VPN.




Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

You might also like