Skip to main content
Sign up to updates

Christmas Cookies : are you up-to-date and compliant?

The UK Information Commissioner’s Office (ICO) considers that certain websites are not providing users with fair choices as to whether or not they are tracked for personalised marketing purposes. The ICO has written to a number of companies operating some of the UK’s most visited websites to review their compliance with data protection laws when using cookies. Companies that receive this communication from the ICO have 30 days to update their websites to bring them into compliance with the law.

Organisations who have not received a notice would be well advised to take steps now to ensure your websites are compliant – before the ICO’s investigatory spotlight turns on your sector!

To help, here is a quick recap on the requirements for cookies.

As per the ICO guidelines, you must be transparent with your use of cookies:

  1. It must be as easy to opt out as it is to opt in.
  2. Do not rely on browser settings: you should not assume that every visitor can configure their browser settings to correctly reflect their preferences in relation to the setting of cookies.
  3. Consent must be separate from other matters and cannot be bundled into terms and conditions or privacy notices.
  4. You should obtain consent by giving the user specific separate information about what they are being asked to agree to and providing them with a way to accept by means of a positive action to opt-in.
  5. Message boxes such as banners, pop-ups, message bars, header bars or similar techniques are one option for you to achieve compliance. However, you need to consider their implementation carefully, particularly in respect of the user experience. For example, a message box designed for display on a desk- or laptop may be hard for the user to read or interact with when using a mobile device, meaning that the consent could be invalid.
  6. Electronic consent requests must not be unnecessarily disruptive: consider how you go about providing clear and comprehensive information without confusing users or disrupting their experience.
  7. Long lists of checkboxes might seem like a way to make your consent mechanism appropriately granular, but this approach carries different risks in that your users may simply not interact with the mechanism or may not understand the information you’re providing. Again, this makes the consent invalid.
  8. Follow the guidance on the ICO website: How do we comply with the cookie rules? | ICO

For more information – we have been invited to co-author an article with specialists in marketing data analytics, to provide more detailed guidance on the technical and legal issues around the use of cookies. Look out for our article in the New Year: 2024 Cookie Consent Compliance: Mastering the Dos and Don’ts.



Greenwoods Legal LLP is a Limited Liability Partnership, registered in England, registered number OC306912. Our registered office is Queens House, 55-56 Lincoln’s Inn Fields, London, WC2A 3LJ. A list of the members’ names is available for inspection at our offices in Peterborough, Cambridge and London. Authorised and regulated by the Solicitors Regulation Authority, SRA number 401162. Details of the Solicitors’ Codes of Conduct can be found at All instructions accepted by Greenwoods Legal LLP are subject to our current Terms of Business. VAT Reg No: 161 9287 89.

    By completing and submitting this form, you consent to Greenwoods Legal LLP processing your personal data to provide you with the email update services you have selected and any other materials and information about our services that Greenwoods Legal LLP reasonably believes will be of interest to you. You are free to withdraw your consent at any time by emailing