IN A WILD TWIST OF IRONY, the Information Commissioner's Office (ICO) has admitted that its own website isn't GDPR-complaint.
This confession came after Adam Rose, a lawyer at Mishcon de Reya, discovered the privacy screw-up, which saw the ICO relying on "implied consent" to automatically place cookies on mobile devices when visitors accessed its website.
Rose argued that this is was a breach of Article 6 of the Privacy and Electronic Communications Regulations (PECR) 2003, the Telegraph reports. PECR - which sits alongside GDPR - prohibits the storage of, or access to, information held on a user's device unless explicit consent is given.
This is even explained clearly on the ICO's website, where the watchdog warns companies that: "You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user's consent. Consent must be actively and clearly given."
Rose argued that because of the ICO's use of implied consent, which saw cookies used automatically, users were unable to reject their use.
A remarkable admission from @ICOnews - its #cookies consent process has been wrong (‘doesn't meet the required GDPR standard') and it's being urgently changed. [In fact, it's probably not been to the required standard since 2011.] #gdpr #pecr pic.twitter.com/aIFuO0kR4e— Adam Rose (@adam_rose) June 16, 2019
In addition to GDPR-ifying its own website, the ICO said it also be publishing "updated, detailed guidance on cookies for organisations soon." µ
You're not the voice, try and understand it
Not 'Appy bunnies
News reaches us, per Plex