Accept All Cookies? ICO Prompts Top UK Websites to Make It Clear What Data They Collect from Users

The Information Commissioner's Office (ICO) has announced a major milestone in its push to clean up cookie-consent practices across the UK web.

More than 95 % of the top 1,000 UK websites now pass the ICO’s compliance checks. This gives an estimated 80 % of UK internet users – about 40 million people aged 14+ – greater control over how they are tracked online.

That success follows months of targeted assessments: the ICO evaluated whether sites loaded non-essential advertising cookies only after users made an explicit choice, whether rejecting non-essential cookies was as easy as accepting them, and whether any cookies were dropped without consent.

As a result, 979 websites passed and 564 corrected their practices after intervention. Only 21 remain non-compliant.

Looking forward, the watchdog will continue to periodically test the UK’s top 1,000 websites, ensuring they meet the legal requirements.

Why cookie compliance matters

Many popular websites rely on questionable methods: consent banners designed to nudge users toward “Accept” – or even to silently drop tracking cookies before consent. That makes personalized advertising easier, but at the expense of true user choice.

The ICO’s enforcement signals a turning point: privacy-friendly practices are no longer optional, and refusal must be as easy and effective as acceptance.

For businesses and publishers, this shift also opens the door to “privacy-friendly online advertising models,” giving them a way to monetize content without undermining user trust or running afoul of data-protection laws.

Most netizens accept all cookies blindly

The ICO announcement aligns with the findings in our 2025 Consumer Cybersecurity Survey, which paints a compelling picture of how people actually deal with cookies, consent, and online privacy.

According to our survey, 48% of respondents accept all cookies without reading the consent notice, and 75% either skim or completely ignore the terms — prioritizing speed over privacy.

Source: Bitdefender 2025 Consumer Cybersecurity Survey

This suggests that even as websites improve compliance, many people remain effectively “opt-in by default” because they don’t engage with the complicated cookie choices.

Our report argues that convenience and complacency often collide with real cyber-risk. Even though users worry about scams, identity theft and financial loss, their online habits (like blindly accepting cookies) often make these threats easier.

The ICO’s push is thus vital, yet not enough by itself. Real privacy protection depends not only on websites doing the right thing, but also on users engaging consciously with consent settings.

Advice for consumers

The ICO’s success should encourage more websites to adopt compliant, transparent cookie practices by default. At the same time, the findings of our survey highlight the importance of user vigilance:

• Accepting cookies blindly – even on compliant sites – can still expose users to risks, especially when trackers are involved.
• Coupled with other weak practices such as reused passwords and lack of device security, cookie complacency can compound vulnerability.
• Enabling privacy settings and treating consent seriously remain critical steps toward staying safe online.

“Going forward, following our consultation earlier this year, we are continuing to work with a range of stakeholders to help us understand whether publishers could deliver privacy-friendly online advertising to users who have not granted consent, where there is a low risk to their privacy,” the ICO said. “We are working with government to explore how it could amend legislation to reinforce this. The next update on our work will be provided in 2026.”

You may also want to read:

Bitdefender Releases 2025 Consumer Cybersecurity Survey

Teen Hackers Responsible for Most UK School Cybersecurity Incidents, ICO Warns

UK Cracks Down on Scammers Spoofing Your Phone Number