The UK Information Commissioner’s Office (ICO) has published a report detailing compliance and consumer concerns about use of cookies, following the changes under Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR), which require consent, more transparent notice and opt-out.

In response to more than 550 consumer complaints about implied consent mechanisms and the lack of information provided by website operators, the ICO began surveying website operators on cookie compliance in May 2012. The ICO contacted more than 100 website operators, informing them about the reported consumer concerns and asking them to ensure they are compliant. The ICO’s survey showed that more than half of these website operators had either taken limited compliance steps or no steps at all.

The ICO surveyed UK websites it considered to be among the 200 most visited and found that while many had taken steps to comply, most were not considered to be fully compliant, and of the 200, only one site had failed to take any steps at all. The ICO issued that website operator with a deadline for compliance.

The report illustrates that the majority of websites taking significant steps to make users aware that cookies are in use and obtain necessary consent, are using banners and relying on implied consent. The ICO’s guidance requires informed consent, which requires website operators to provide users with clear and relevant information. The information should be clear enough for users to understand when cookies are necessary because of a user’s request for content or services, and, alternatively, when cookies are optional and a user may opt out.

The ICO was encouraged that “few popular sites appear to fall into the category of not seeking consent to use cookies,” but warned that they are contacting more non-compliant website operators, will continue to monitor compliance, and will use their regulatory powers, including monetary penalties, against companies failing to comply with PECR.