The ICO recently announced its plan to bring the UK’s top 1,000 websites into compliance with applicable data protection law, in relation to their use of cookies. At the time of the announcement, the ICO had already checked 200 websites, and communicated its concerns to 134 of their operators. This suggests a prevalence of non-compliant cookies use. 

The ICO has not publicly confirmed which are the top 1,000 UK websites, but it would be prudent to assume that life sciences companies will appear on the list. At the same time, privacy rights group NOYB (which was responsible for the demise of the Safe Harbor and the Privacy Shield) views non-compliant website cookies as a serious concern, and uses automated mass website scanning to call them out. As a result, there is currently a real possibility of non-compliant website cookies becoming the subject of a complaint. For life sciences businesses, the risk is exacerbated since tracking website visitors may reveal sensitive information about their health, and we would advise companies to review their use of cookies across their websites to ensure that they comply with applicable legislation.

You can read more in our recent advisory.