UK ICO Issued a Reminder of How Cookies Should be Used for GDPR


3 min read
UK ICO issued a reminder of how cookies should be used for GDPRUK ICO issued a reminder of how cookies should be used for GDPR

UK regulator ICO is set to play cookie cop for the digital ad industry

"This week, U.K. data protection authority the Information Commissioner’s Office issued a blunt reminder of how cookies should be used under the Privacy Electronics Communications Regulation. The reason: The law has now been updated to mirror the General Data Protection Regulation’s rules on consent." according to Digiday

What we can learn from the reminder from UK ICO?

According to UK ICO:

Only the cookies such as user login credential or make website functional don't need user consent. The cookies such as remarketing and retargeting cookies, Google analytics cookies, A/B testing cookies, etc do need user consent.

UniConsent has the feature to manage all the cookies based on the user's consent status, making sure your site is cookie compliance.

Any marketing website or publishing website need to run cookie auditing to figure out what the cookies are used on your website.

UniConsent runs cookie consent once per day on your website, making sure the cookies list is up to date.

Users need to understand which cookies are running on your website, they need a detailed list of cookies.

UniConsent discloses the cookie list to all the users, you are also able to add custom cookies to the list.

"Pre-ticked boxes (of which there are still many) or any tactic that means users are opted in by default are not allowed for non-essential cookies"

There should be no pre-ticked boxes, making sure you don't drop cookies or fire third-party javascript tags to the user's browser before gaining the consent.

"Users must be given absolute control over what non-essential cookies are dropped on them and these kinds of cookies also can’t be set on landing pages before that user has given consent"

Users should be able to change their mind and consent. UniConsent provides a badge at the bottom of the page allowing users to update their consent.

It is a common mistake that lots of websites drop cookies before getting consent. This even happens on a website installed other CMP.

With UniConsent's consent based tag manager, you can fire third-party tags or drop cookies based on the user's consent.

"Analytics cookies need consent"

You still need to collect consent and CMP if you only have Google analytics tags on your site.

A publisher can not force the user to give consent to access the content. This kind of cookie wall is not valid. The consent should be freely given.

"Relying on a legitimate interest in sending targeted advertising is a hard no"

Targeted advertising cookies are not a legitimate interest of a digital publisher.


Get started to make your website compliant for EU GDPR, US CCPA.

Sign up

Get started to make your website compliant for EU GDPR, US CCPA.

Sign up