Out-Law News 3 min. read
30 Jun 2011, 4:42 pm
The ICO placed a request at the top of its website's home page in May in order to comply with new UK laws that require website publishers to obtain explicit permission for cookie use.
That led to a 90% drop in the number of recorded visitors. Visits to the ICO site are only recorded if the user allows site cookies to be placed in their browser.
The drop may be more severe than that which other sites might suffer because visitors to the ICO's site are "more privacy aware", a spokeswoman said.
The ICO published data regarding recorded visitor numbers to its website following a successful freedom of information (FOI) request by web analyst Vicky Brock.
The data covers the period of 5th May until 14th June which spans the period immediately before, during and after the ICO began asking users to agree to the ICO tracking their activity on the site from 25th May.
Since then the ICO has automatically stopped tracking website visitors' activity through cookies. Cookies are small text files that store information about internet users' online behaviour. Websites store the files on users' computers.
New UK regulations which came into affect in May require websites to obtain "informed consent" to cookie tracking. The regulations implement the EU's Privacy and Electronic Communications Directive.
The ICO, which has responsibility for ensuring websites adhere to the new laws, introduced a message on its site on 25th May that asks users directly if they consent to the ICO tracking their activity on the site.
Data from the ICO, published by Brock, showed that recorded visits to the ICO website had fallen on average by 89% and that the number of unique users had fallen on average 91%.
"Ouch, my FOI request shows ICO's measured visits fell 90% after making ... cookies opt-in," Vicky Brock said on Twitter.
Websites cannot record non-consenting users as visitors to their site.
On the ICO website the data protection watchdog explains to users why cookie-tracking is "essential" to operate some elements of the site.
"The ICO would like to use cookies to store information on your computer, to improve our website," the message on the ICO website states.
"One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about the cookies we use and how to delete them, see our privacy notice," the message states.
Users are then asked to click a box to indicate that they accept cookies from the site.
Websites often rely on visitor number data to attract advertisers and other purposes.
"Perhaps this is a portent of doom for anyone that relies on multiple cookies for tracking, customer service, analytics, advertising," technology blogger Sam Michel said on the Chinwag digital community website.
"The effect is pretty chilling, especially for all those data-reliant real-time advertising and data exchanges who are reliant on free and easy access to this information," Michel said.
"We’re pleased that people who may be concerned about the information collected by cookies can exercise this right when they visit the ICO’s website," said an ICO spokeswoman. "However, this has obviously had an impact on the analytics information that we can use to help us improve the site. There could be a number of reasons for people choosing not to opt in – including that visitors to www.ico.gov.uk are likely to be more privacy aware."
The ICO has previously issued guidance on how websites can comply with the new cookie laws. It said that websites can obtain consent through a number of methods, including asking users to consent through screen prompts.
Less obstructive methods, such as obtaining consent from websites' terms and conditions or users' preference settings were also deemed appropriate by the ICO.
Websites should also determine how intrusive their use of cookies is and find a solution to obtaining consent that best suits their circumstance and adhere to the new regulations, the ICO said.
The Government is working with Mozilla, Apple, Microsoft, Google, Yahoo, Adobe and the Internet Advertising Bureau to deliver an efficient technological solution to obtaining user consent, the Department for Culture, Media and Sport (DCMS) told OUT-LAW in May.
The ICO has given organisations until May 2012 to change their use of cookies to comply with the law before it begins taking enforcement action.
The European Commission has also set a deadline of a year for European companies to create a uniform way for web users to opt out of being tracked by cookies within a year. The Commission has said it will take action if industry does not standardise opt outs in that time.
The UK, Denmark, Estonia, Finland, Sweden and the Netherlands are the only EU countries to have introduced measures implementing the Privacy and Electronic Communications Directive.
Technology law news is also available from Bootlaw, a free resource for technology start-ups, with regular events hosted by Pinsent Masons.
