Some of the UK’s most visited websites face enforcement action from the data protection watchdog if they do not make changes to allow users to consent to advertising cookies.
The Information Commissioner’s Office (ICO) said some websites do not give users fair choices over whether or not they are tracked for personalised advertising.
The ICO has previously issued guidance to help ensure firms make it as easy for users to reject advertising cookies as it is to accept all – often using consent banners which pop up when a user first lands on a website – but the watchdog has said that some of the UK’s top websites are not complying with data protection law on this issue.
Many of the biggest websites have got this right. We’re giving companies who haven’t managed that yet a clear choice: make the changes now, or face the consequences
Stephen Almond, ICOIt said it had written to a number of firms giving them 30 days to comply or face potential enforcement action.
Under UK data protection law, companies must give users fair choice to opt out of tracking using cookies, which is often then used to serve people personalised adverts online.
Companies are still able to show users adverts when someone has rejected all tracking, but the ads must not be tailored to the person browsing.
Stephen Almond, ICO executive director of regulatory risk, said: “We’ve all been surprised to see adverts online that seem designed specifically for us – an ad for a hotel when you’ve just booked a flight abroad, for instance. Our research shows that many people are concerned about companies using their personal information to target them with ads without their consent.
“Gambling addicts may be targeted with betting offers based on their browsing record, women may be targeted with distressing baby adverts shortly after miscarriage and someone exploring their sexuality may be presented with ads that disclose their sexual orientation.
“Many of the biggest websites have got this right. We’re giving companies who haven’t managed that yet a clear choice: make the changes now, or face the consequences.”
The ICO said it would provide a further update on this work in January, including details of any companies that had not addressed the watchdog’s concerns.
Read MoreEmployee data leaked during British Library cyber attack
Half of adults who chat online with strangers do not check age – poll
Businesses embracing generative AI but fear cyberattacks, survey finds