ICO’s winter 2014 #cookielaw update

The Information Commissioner’s Office, the UK government agency which polices the EU Cookie Law in the UK, has released the statistics on cookie law reports they received in the 4th quarter of 2013. If you’ve been following along, or if you haven’t! – this follows their Autumn 2013, Summer 2013, Spring 2013, and 2012 collected reports.

They preface the statistics by acknowledging that “we have maintained a consumer threat level of ‘low’ in this area due to the very low levels of concerns reported by members of the public.” They back this up by providing a CSV download showing that in the winter quarter they received 52,098 complaints about unsolicited sales calls alone.

During the fourth quarter ICO received a total of 53 submitted complaints. As always, this does not mean there were 53 cookie law violations or privacy issues. It simply means they received 53 submitted complaints. These 53 complaints were a drop of 20 from the autumn quarter (73), 22 from the summer quarter (75), and 34 from the spring quarter (87).

Regarding the 200 most visited web sites in the UK that they receive concerns about – an area where ICO wisely seem to prefer to focus – ICO state that they reviewed 27 of them in the winter quarter. 25 of those sites had no issues. Two have taken limited steps but are not likely to be compliant, but no further action resulted.  ICO does note that “One new frequently visited site has been referred to the PECR Enforcement Team for further consideration.” That’s one site, in the entire United Kingdom. In other words, of the 53 cookie law complaints received in the fourth quarter, only three resulted in a moderately raised eyebrow.

The number of organisations written to regarding cookie law compliance, as with the autumn quarter, was nil. ICO has not felt a need to write any letters since the summer. These letters are not part of any formal enforcement or advisory process. They are simply FYIs.

And so the total number of cookie law complaints made to ICO for all of 2013 was 288. Unlike last year, no further information has been provided on how many of these complaints were considered legitimate or worth further investigation, or which sites were reported. Of those 288 sites, ICO had possible cookie concerns about 11 of them, none of which have amounted to anything.

Consider that one rather crumbled cookie law.

Meanwhile, in actual privacy news…