The UK’s data regulator has admitted not even it is infallible when it comes to complying with General Data Protection Regulation (GDPR) after it was found to have broken the policies.
The Information Commissioner’s Office (ICO) enforces GDPR to make sure businesses across Europe comply with the data protection rules, which came into effect on May 25th 2018.
Adam Rose, a lawyer at Mishcon de Reya, discovered ICO’s fault when complaining about cookies, as he said automatically placing cookies on mobile devices after visitors accessed the website website broke the European laws by, as only “implied consent” was given.
The Telegraph reported how Mr Rose’s email stipulates this was, in fact, also in breach of Article 6 of the Privacy and Electronic Communications Regulations (PECR) 2003. This prevents access to information on an electronic device without explicit consent.
ICO’s website specifically states: “You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent. Consent must be actively and clearly given.”
However, Mr Rose purported that the watchdog, itself, uses implied consent only as cookies are utilised automatically without a way for users to reject them.
In reply to the email, a spokesperson from ICO acknowledged the fault, admitting its website “doesn’t meet the required GDPR standard”.
It was added that amendments to the website will be made from next week so its use of cookies fall in line with GDPR.
This incident reminds business owners of the importance of complying with GDPR when re-designing and re-writing their website.
For website designers in Surrey, get in touch with us today.