Earlier this year I reviewed cookie consent on our public website. This was in advance of an audit of the council by the ICO (Information Commissioner’s Office). I discovered that whilst we met most of the requirements, we fell short of full compliance. This came as a bit of a surprise and it spurred me into changing our approach in advance of the ICO audit. I wrote about what I did next on our Digital Services team blog.
I also checked what other councils were doing to try to find some best practice. I found a few good examples, but in general the experience I found wasn’t that great. So I decided to do some wider personal research into cookie consent on council websites.
The background to cookie consent
The initial guidance around cookie consent was rather vague and confusing. As a result websites met compliance but often failed to safeguard privacy.
Cookie guidelines have changed
The good news is that the guidance around cookie compliance is now less ambiguous. The Information Commissioners Office (ICO) has published guidelines on how website owners must comply. The key elements of the guidance are that website owners need to:
- Tell people the cookies are there
- Explain what the cookies are doing and why
- Get a user’s consent to store a cookie on their device
- Make sure users have the means to enable or disable non-essential cookies and make this easy to do
It is the latter guideline that is the real game changer with regards to cookie consent. Website owners now have to provide functionality to enable or disable non-essential cookies. Non-essential cookies have to be withheld on a website before a user has made a choice on whether to accept them.
Website owners also need to consider the user experience of cookie consent. They need to review the approach taken and add information written in plain English.
Reviewing cookie consent across local government
I reviewed cookie consent by checking every council website in the UK (408). I wanted to find best practice and review cookie consent across the sector. Here are the headline figures:
|Cookie guidance||Number of councils meeting the guidance
|Tell people the cookies are there||405||99.26%|
|Explain what the cookies are doing and why||400||98.04%|
|Get the person’s consent to store a cookie on their device||307||75.24%|
|Make sure users have the means to enable or disable non-essential cookies and make this easy to do||146||35.78%|
|Cookie guidance score (0-4)||Number of councils||Overall percentage|
Other user experience issues that I found included:
the cookie banner taking too long to load, often because other popups were also loading
poor colour contrast on cookie links on cookie banners, making them difficult to read
adding cookie details in a PDF rather than listing them on a page
providing insufficient detail about the cookies used on the website
Cookie compliance tips
To conclude here are my top ten cookie consent tips:
- revisit cookie compliance on your website – privacy matters
- read the advice from the ICO and check to see if your website meets PECR guidelines
- consider the user experience and make it easy for users
- consider ways to improve the prominence of cookie information
- test that cookie consent enables users to disable and enable cookies
- review the accessibility of your cookie compliance module
- banners need to be prominent and easy to read
- do not block access until a user accepts cookies
- do not emphasize accepting over rejecting cookies as this is a non-compliant approach.
I am happy to share individual results with local authorities. If this is of interest please contact me. I will aim to review cookie compliance in local government in a year’s time to find out what progress has been made.