Skip to main content

UK data regulator says its own site doesn't fit GDPR

(Image credit: Image source: Shutterstock/Wright Studio)

The Information Commissioner's Office (ICO) – the UK's data and communications watchdog (and the organisation that issues fines and penalties when businesses are in breach of GDPR), has admitted that its own website is not GDPR compliant.

The embarassing admission came after the ICO was asked about its cookie harvesting practices on mobile devices. The question came after a mobile user spotted that, when accessing the ICO website via mobile, it stores cookies on the visitor's device without explicit consent.

Here's what the Office had to say:

"I acknowledge that the current cookies consent notice on our website doesn't meet the required GDPR standard. We are currently in the process of updating this to align our use of cookies to the GDPR standard of consent and we will be making amendments to this information during the week commencing 24 June."

The wider community was furious, while some were surprised at the level of honesty in display here. 

GDPR, or General Data Protection Regulation, is an EU-wide legislation that regulates how businesses collect, store and share user data. Failure to comply means risking high fines which, in the UK, are being issued by the ICO.

Image source: Shutterstock/Wright Studio