ICO Consultation on Draft Guidance on the Use of Storage and Access Technologies

ICO Updates Guidance on Storage and Access Technologies: What You Need to Know

The Information Commissioner’s Office (ICO) has launched a consultation on its draft updated guidance concerning the use of storage and access technologies, a critical development for businesses and organisations operating in the digital space.

This update primarily targets compliance with the UK’s Privacy and Electronic Communications Regulations (PECR), ensuring users’ data is protected while giving organisations clear frameworks to follow.

What Are Storage and Access Technologies?

Storage and access technologies refer to tools like cookies and similar mechanisms used by websites and applications to store or retrieve information on users’ devices.

These tools play a vital role in online services, from enabling shopping carts to personalising website experiences.

However, they also raise concerns about user privacy, especially when used for tracking or profiling without adequate transparency or consent.

ICO consultation on the draft updated guidance on storage and access technologies

ICO

Why the Update Now?

The ICO has recognised that the current guidance, published years ago, no longer aligns with the modern digital practices and the expectations of users.

As technology continues to advance, the ways data is collected and used have grown increasingly sophisticated, necessitating updated regulatory clarity.

The draft guidance aims to provide practical advice to organisations on how to comply with PECR when using storage and access technologies, aligning with the UK GDPR.

It reflects ICO’s ongoing commitment to safeguarding individuals’ rights while enabling responsible innovation in the digital sector.

Key Themes in the Draft Guidance

The updated guidance delves into several important areas, including:

• Consent Requirements: The ICO reiterates that consent must be obtained before placing cookies or similar technologies, except where they are strictly necessary for the service requested by the user. Organisations must avoid vague consent requests and ensure users have a real choice.
• Transparency: Clarity is key. The guidance stresses the need to explain to users how their data will be used, avoiding jargon and providing meaningful information.
• Third-Party Involvement: Websites often rely on third-party providers for analytics, advertising, and other services. The ICO highlights the importance of ensuring that third-party tools meet compliance standards, as site owners remain accountable for their use.

Consultation Process

The ICO invites feedback from organisations, practitioners, and the public to ensure the final guidance is practical and balanced.

Stakeholders have until 5 pm Friday 14 March 2025 to submit their comments.

What This Means for Organisations

For businesses relying on digital technologies, this updated guidance presents an opportunity to reassess their practices.

Ensuring compliance is not just a legal necessity—it builds trust with users in an era where data privacy is increasingly valued.