ICO’s Autumn 2013 #cookielaw update

Today ICO, the independent UK government agency which oversees the EU cookie law within the UK only, has published their quarterly report toting up the statistics on cookie law complaints filed with them between July and September.

If you’ve been tuning in for a while and have read their Summer 2013 and Spring 2013 reports, as well as their 2012 annual report, you’ll know how this goes.

Interesting data table from ICO's cookie stats reportage page. They received 73 complaints in the quarter, but this table only deals with the "200 most visited sites". For this quarter, that was 25 sites. Is that an admission that the other 48 complaints were guff?
Interesting data table from ICO’s cookie stats reportage page. They received 73 complaints in the quarter, but this table only deals with the “200 most visited sites”. For this quarter, that was 25 sites. Is that an admission that the other 48 complaints were either invalid or so ad-hominem as to not be worth following up?
  • From April to July ICO received 73 cookie law reports. As always, that does not mean 73 valid complaints, 73 different web sites, or 73 sites maliciously shredding site visitors’ privacy. It means they received 73 reports.
  • ICO has a passive-aggressive habit of mentioning the number of complaints they receive about the other issues within their remit every time they discuss the cookie law. Clearly they feel a need to vent frustration about how much they hate having to deal with the cookie law themselves! Today they’ve mentioned that during that same Summer quarter, they received 39,647 complaints about other things; in other words, cookie law complaints were less than 0.02% of what came in.
  • The number of organisations they wrote to about the cookie law over the quarter was nil. In the summer quarter they had written to 30. The total number of organisations written to since October 2012 remains 265. As always, that does not mean 265 organisations committed cookie law breaches, 265 organisations created cookie law threats, or 265 organisations committed privacy violations. It means ICO sent 265 letters sent out. It includes the friendly information letters ICO wrote to many of the 200 most popular web sites in the UK to simply advise them about the law.
  • Of all the web sites reported to ICO which were worth even looking at, ICO currently has possible cookie concerns about one of them. That’s one web site in the entire UK.
  • The number of sites ICO is monitoring due to explicit refusal or absence of satisfactory cookie law compliance remains the same as before: zero.
  • Nearly a year and a half after the law went into effect, not one site has been placed into stage one of the formal enforcement process – an Information Notice – much less gotten to stage four, a Monetary Penalty Notice, as a result of a cookie law complaint.

And so our main numbers for the quarter are: 73, 25, 1, and 0.

Let’s tie up all the numbers so far in an infographic.

2013-10-28_123414

About the author

Heather Burns is a digital law specialist in Glasgow, Scotland. She researches, writes, publishes, consults, and speaks extensively on internet laws and policies which affect the crafts of web design and development. She has been designing and developing web sites since 1997 and has been a professional web site designer since 2007. She holds a postgraduate certification in internet law and policy from the University of Strathclyde. Learn about hiring Heather to write, speak, or consult.