We are calling for views on a new enforcement approach that could unlock privacy-preserving alternatives to the dominant adtech business model. 

The proposals – set out in a call for views on how we apply regulation 6 of the Privacy and Electronic Communications Regulations (PECR) – aim to support innovation by enabling new advertising models that respect user privacy while maintaining revenue streams. 

The ICO is exploring how publishers could deliver privacy-preserving advertising to users who have not given consent, where the risks are demonstrably low. The regulator will continue to enforce consent requirements for the collection of personal information for targeted advertising. 

Stephen Almond, Executive Director of Regulatory Risk said: 

We have also launched an updated consultation on our Storage and Access Technologies (SATs) guidance, revised to reflect changes introduced by the new Data (Use and Access) Act 2025. The Act permits consent-free use of cookies for certain low-risk functions, such as statistical analysis and website improvement. 

We are also commissioning further user research to better understand public attitudes to online tracking and consent, ensuring its regulatory approach is aligned with real-world expectations.  

The call for views on our enforcement approach closes on Friday 29 August, while the SATs guidance consultation closes on Friday 26 September. Responses will inform our final guidance and a formal statement on its updated enforcement approach, due in early 2026. 

You can read more from Stephen Almond in his reflection on "How our online tracking strategy is coming together to provide clarity to businesses and meaningful control for people" and the online tracking strategy progress update.