This article is more than 1 year old

Dough! Jobs microsite for UK's data watchdog set hundreds of cookies without visitors' consent

Information Commissioner's Office is very knowledgeable about why that's bad

A strong grasp of data privacy is key for anyone wanting a job at the UK's Information Commissioner's Office (ICO), according to the blurb on its microsite. Just one catch: the site itself enables hundreds of cookies – seemingly without consent.

The gaffe was first spotted by a Reg reader who told us he'd never seen so much cookie tracking on a single site, nevermind one that pertains to an organisation that holds poor data practioners to count.

"I have just discovered that the Information Commissioner's Office jobs microsite, which talks about the importance of GDPR and Data Privacy, and which is currently advertising the new Director of Regulatory Strategy role, sets approximately 204 advertising and tracking cookies, all without consent.

The site (visit at your own risk) is:

Under the EU's General Data Protection Regulation (GDPR), tracking cookies may only be set once the user has given their consent. This means that tracking cookies are not allowed to operate, collect and process user data without the user agreeing to it.

EU parliament photo2 via Shutterstock

Euro data watchdog has 'serious concerns' as to whether EU deals with Microsoft obey GDPR


That is something the ICO is well aware of, with an introductory blurb on the microsite from its head, Elizabeth Denham, stating: "The arrival of a new EU General Data Protection Regulation (GDPR) and UK Data Protection Act in May last year means real change for the rights of UK citizens and for the accountability of organisations processing personal information. It also means huge change for the regulator."

The microsite itself is subcontracted to recruitment firm Hays.

An ICO spokesperson said: "While the Hays microsite does have a privacy policy and cookies policy and explains the cookies in use, we will discuss compliance issues with them and ask for clarification."

A spokeswoman for Hays said: "We recently removed a large number of advertising cookies from across our sites, retaining only a core group, but due to the overlap with a switchover project for our web platform, some of these tags were left live on sites still on the legacy infrastructure, including this microsite. Now that this has been brought to our attention, we have applied the same reduction in cookie usage to the microsite.

"As our privacy policy states, we are currently using browser settings to determine cookie acceptance. We recognise that this approach is no longer recommended in the most recent ICO guidance on cookies.

"In response to the release of this guidance, we initiated an internal project to upgrade our cookie consent mechanisms across our digital estate. We expect to deploy a new solution in the coming weeks which will address your concerns and update our approach to meet the most recent clarifications by the ICO." ®

More about


Send us news

Other stories you might like