The UK’s data protection regulator has reported success in its efforts to clamp down on websites that fail to obtain users’ consent before tracking and profiling them for targeted advertising purposes. Despite concessions, some modifications introduced by the intervention have led to the adoption of a contentious type of paywall, which requires customers to either pay a fee to access content or consent to being tracked and profiled for targeted advertising purposes.
The Information Commissioner’s Office has not disclosed the identities of websites that have transitioned to a pay-or-consent model, following its inquiries about their use of monitoring cookies. Despite this, it has taken names and shamed some companies for failing to comply with the relevant cookie guidelines.
The UK’s Information Commissioner’s Office (ICO) has issued a formal warning to Bonne Terre, the company behind Sky Betting and Gaming, after discovering that it had been illegally processing customers’ personal data without their consent as of Tuesday in its native time.
The numerous detrimental consequences that data-driven monitoring can have for vulnerable individuals struggling with addictive tendencies, explaining why the Information Commissioner’s Office publicly rebuked an entity within the gaming industry.
From January 10, 2023, to March 3, 2023, Sky Betting and Gaming was processing individuals’ private information and sharing it with marketing expert firms as soon as users accessed the SkyBet website – before they even had the option to accept or reject marketing cookies, according to a press release from the ICO. “This could result in their personal data being exploited to serve targeted ads without their explicit consent or knowledge.”
The regulator told TechCrunch that it chose a reprimand over a sanction in this case, as it deemed this approach a proportionate use of its powers – “based on what will achieve the best outcome, in addition to being aligned with our priorities and limited resources.”
“On this occasion, our consideration of Bonne Terre’s proactive approach to the ICO and subsequent efforts to boost compliance led us to determine that a reprimand was the most proportionate measure,” said James Huyton, ICO spokesperson.
The UK’s Information Commissioner’s Office (ICO) has issued a reprimand as part of its ongoing efforts to address concerns surrounding the lack of informed consent in cookie tracking practices. The UK’s regulatory body recently published findings from an assessment conducted on its “top 100” websites, revealing “concerns” that over half of these websites were deploying promotional cookies without proper transparency or consent. The UK’s data regulator sends warning letters to 53 websites, threatening enforcement action if they fail to comply with new cookie consent rules under the General Data Protection Regulation (GDPR). The Information Commissioner’s Office (ICO) notes that its efforts at outreach have contributed to a decline in non-compliant cookie banner usage.
The regulator declined to confirm the identities of the opposing websites contacted during this cookie compliance sweep. The Information Commissioner’s Office (ICO) reported that 52 websites modified their methods for obtaining user consent for monitoring following its outreach efforts. According to the International Communications Office (ICO), a significant variety of changes have emerged, alongside an increasing trend towards “pay-or-consent” models on certain websites – where visitors are restricted from accessing content unless they agree to be tracked or opt for an alternative payment method.
While pay-for-consent remains a contentious issue, it currently operates outside the purview of EU-approved regulations, drawing concerns from privacy and consumer advocacy groups alike. Meta’s implementation of paid-for-consent can be problematic. The Information Commissioner’s Office (ICO) refused to disclose whether Meta was just one of several website owners approached regarding cookie consent.
Following the release of findings from its cookie banner sweep, Stephen Bonner, the Information Commissioner’s Office (ICO) deputy commissioner, stated that the intervention resulted in 99 out of the top 100 UK websites either offering a substantial alternative to traditional cookie promotion or modifying their practices to obtain individuals’ consent. This ambiguity must be clarified: Is it a choice between two options or a combination of both?
Without presenting concrete metrics, Bonner’s claim remains unsubstantiated and unclear as to the specific impact of the ICO on UK internet users’ consent choices. The Information Commissioner’s Office has observed various modifications implemented by websites, including the introduction of a “reject all” button on some sites previously lacking one; others have made their “accept all” and “reject all” buttons equally distinguishable; while others have introduced options such as “consent or pay,” a business model whose legality is currently under review by the ICO.
To comply with the UK’s General Data Protection Regulation, based on the EU framework of the same name, it is recommended to present website visitors with an option to either accept or decline tracking. Websites that disregard user consent, exemplified by tactics such as presenting customers with no option but to accept monitoring or making it exceedingly easy to click on an “accept” button while concealing the refusal choice several menus deep within confusingly phrased settings, should be held accountable for non-compliance. However, far too often they’ve managed to get away with exploiting manipulative tactics to extract unwarranted consent.
Shouldn’t the Information Commissioner’s Office (ICO) be held accountable for its role in allowing adtech to operate unchecked, considering it has spent years turning a blind eye to the industry’s unregulated data collection practices? The agency failed to take definitive action on its own concerning the industry’s data-gathering practices, as outlined in a previous report – closing a complaint without making a formal ruling, for instance, instead opting for soft peddling and trade engagement over robust enforcement.
The cookie sweep’s conclusion in its final year seems eerily reminiscent of the ICO’s belated attempt to regain momentum, having granted adtech players a prolonged period of leniency on compliance issues. As a result, concerns surrounding the “pay or consent” approach may escalate further, potentially fueled by the very measures designed to curb their proliferation. While intriguing, consider how this editor evaluates website calls to shame others lacking clear yes/no options for users, whose names remain unknown.
The UK’s Information Commissioner’s Office (ICO) has taken swift action by publicly rebuking Sky Betting, in addition to issuing a rebuke and loss of reputation to gossip website Tattle Life, which was one of only 53 websites contacted by the ICO that failed to engage with its outreach efforts. The company is set to launch a probe into its cookie usage practices and the glaring omission in registering with the Information Commissioner’s Office (ICO).
While some websites have transitioned to deploying ‘consent or pay’ cookie banners, this approach effectively denies net customers the freedom to refuse monitoring without compensation.
Last year, tech giant Meta entered the fray, deciding to arm-twist user consent for its ad monitoring on Facebook and Instagram by introducing a pay-or-play paywall on its formerly free-to-access social platforms. Since then, a growing number of UK information websites have emulated this strategy – with “pay or access” barriers now appearing on previously free-to-visit ad-supported journalism.
We sought the Information Commissioner’s Office (ICO) views on the proliferation and rise of ‘pay or consent’ tactics, particularly in light of Meta’s adoption of this approach, and a spokesperson referred us back to earlier comments made by Bonner, who stated: “Following our engagement with Meta, we are reviewing how UK data protection legislation would apply to any potential ad-free subscription service.” Before introducing a subscription service for UK customers, we will proactively anticipate and assess potential knowledge safety concerns that may arise, ensuring careful consideration by Meta.
Earlier in the year, the ICO indicated it aimed to provide an initial perspective on the approach, but it has yet to publish a clear public statement. In the regulatory limbo that exists between black and white, a proliferation of ‘pay to play’ models is emerging.
Here: “On the topic of consent and data privacy, our guidance was straightforward: companies needed to be more transparent in their dealings with the public, providing users with a clear understanding of how their information is used and shared on their websites.” Several companies employed diverse approaches to obtain consent, akin to the “consent or pay” method, which we are currently examining as a business model after our meeting scheduled for early 2024. As we embark on a journey to chart our course for the year’s end. Meanwhile, we will proceed to observe and analyze the recent developments.
