ICO’s 2015 cookie law report

Both of the longtime readers of this blog will recall how I used to write posts analysing ICO’s quarterly reports of how many cookie law complaints had been filed with them in that time. (Fill your boots with the Winter 2015 and 2014 aggregated, Autumn 2014, Summer 2014, Spring 2014, Winter 2014, Autumn 2013, Summer 2013, Spring 2013, and 2012 aggregate reports.) This jaunty habit came to an end last spring, when ICO stopped updating their reporting page altogether.

Spring cleaning being what it is, they have now updated the figures for the first time since April 2015. They report that the total number of complaints filed for 2015 was 210. That is up from 2014’s total of 178, down from 2013’s total of 288, and of course way down from the 550 largely pre-loaded complaints created in advance of the law’s implementation date in 2012. That makes a total of 1,325 complaints filed over the life of the law.

UK cookie law complaints filed to ICO
Raw figures not indicative of complaints’ validity
April – June 2012 258
July – September 2012 226
October – December 2012 114
January – March 2013 87
April – June 2013 75
July to September 2013 73
October to December 2013 53
January to March 2014 65
April to June 2014 38
July to September 2014 39
October to December 2014 43
January to March 2015 44
April to June 2015 57
July to September 2015 41
October to December 2015 64
January to March 2016 48
Total 2012-2016
1325

As always, it is important to point out that these are raw aggregate numbers of the number of complaints received. They do not indicate the complaint’s merit or validity. And so, as they have done for the past two years, ICO angrily stated that

It is important to note that many of the concerns we received about cookies did not relate to individual sites or provide any information about specific instances of non-compliance.

In other words, many of these complaints were bunk. ICO has been clear about the amount of time they waste on reports from members of the public abusing the cookie law for personal gripes and revenge vendettas since day one.

It’s also worthwhile to note how ICO always report cookie statistics against the figures of the other areas within their remit. For the 2015 report they note that “In that period we received 161,186 concerns about nuisance calls, text messages and emails.” The message here is clear: 210 vs 161,186 tells a story on its own.

ICO’s compliance and enforcement activity continues to consist of sending friendly, non-threatening FYI letters to organisations whose web sites may have a valid cookie concern reported by the public. (While some cite this as proof of a lack of enforcement activity, the simple fact is they can’t enforce a problem that isn’t there, nor is threatening businesses for its own sake a good way to win friends and influence people.) ICO has written to 371 organisations since October 2012. No further action, such as enforcement notices or monetary penalty fines, have been issued.

And to think that four years ago people were posting compliance warnings featuring clip art of prison cells.

ICO also noticed that they have “recently conducted a Sweep of cookie use on mobile devices and we will publish findings on our website shortly. On the back of this we have contacted 16 organisations specifically in relation to the mobile versions of their website.” That’s 16 organisations across the entire UK, and you can probably guess a few.

If you have strong feelings about the way compliance obligations have impacted your visitor experience and UX, why not add your voice to the industry response to the EU’s consultative review of the cookie law?

Bar chart of raw numbers of complaints filed, 2012-2016

About the author
Heather Burns is a digital law specialist in Glasgow, Scotland. She researches, writes, publishes, consults, and speaks extensively on internet laws and policies which affect the crafts of web design and development. She has been designing and developing web sites since 1997 and has been a professional web site designer since 2007. She holds a postgraduate certification in internet law and policy from the University of Strathclyde. Learn about hiring Heather to write, speak, or consult.