British data watchdog brings cookies to G7 meeting – pop-up consent requests, not the delicious baked treats
Why are they asking G7 to do their job for them, muses critic
Cookies are on the menu today for the G7 as the UK's Information Commissioner's Office (ICO) proposes to the group of leading global economies that consent pop-ups should be reduced.
The ICO said it would call on fellow G7 data protection and privacy authorities – three of which used to be its fellow EU member states – to work together to overhaul cookie consent pop-ups to make people's privacy "more meaningfully protected" and help businesses offer "a better web browsing experience."
Information commissioner Elizabeth Denham, who is set to chair today's virtual meeting of G7 data protection authorities, plans to present an idea on how to improve the current cookie consent mechanism, making web browsing smoother and more business-friendly while better protecting personal data, an official statement said.
People automatically select "I agree" when presented with cookies pop-ups on the internet, she argued, so they don't have meaningful control over personal data.
Denham, whose role is to uphold information rights in the public interest, said the "cookie mechanism is also far from ideal for businesses and other organisations running websites, as it is costly and can lead to poor user experience."
The EU's ePrivacy Directive, transposed into UK law since 2012 via the Privacy and Electronic Communications Regulations (PECR), states that no cookies and trackers must be placed before prior consent from the user, besides those necessary for basic website function.
Denham called on her G7 colleagues to use their convening power to engage with technology firms and standards organisations to develop a coordinated approach to this challenge.
The current ICO is to be replaced by New Zealand Privacy Commissioner John Edwards, the British government's preferred candidate to become the UK's next Information Commissioner.
- Google updates timeline for unpopular Privacy Sandbox, which will kill third-party cookies in Chrome by 2023
- Google has second thoughts about cutting cookies, so serves up CHIPs
- ALPACA gnaws through TLS protection to snarf cookies and steal data
- Cracked copies of Microsoft Office and Adobe Photoshop steal your session cookies, browser history, crypto-coins
At the G7 meeting, the ICO will present its vision for the future, where web browsers, software applications and device settings allow people to set lasting privacy preferences of their choosing, rather than having to do that through pop-ups every time they visit a website. It said this would ensure people's privacy preferences are respected and the use of personal data is minimised, while improving users' browsing experience and removing friction for businesses.
Responding to the ICO's call, Jim Killock, exec director of Open Rights Group, said: "The simple fact is that most cookie banners are unlawful, and the data collection behind them is, as her own report states, also unlawful. "If the ICO wants to sort out cookie banners then it should follow its own conclusions and enforce the law.
"We have waited for over two years now for the ICO to deal with this, and now they are asking the G7 to do their job for them. That is simply outrageous.
"We fully support their call for automated signals, but meantime they should enforce the law, which is their job."
Chip off the old block
Coincidentally, cookies were also high on the agenda for a recent report penned by a government task force and endorsed by the UK PM. In the report, lead author Iain Duncan Smith claimed an "overemphasis on consent" led to "people being bombarded with complex consent requests."
- Euro commissioner tells Facebook it has nowhere to hide
- Privacy watchdogs: Silence isn't cookie consent
- A month to go on Cookie Law: Will Google Analytics get a free pass?
- EU's top court says tracking cookies require actual consent before scarfing down user data
Cookies also topped the agenda for the proposed shake-up to data laws announced by UK Digital Secretary Oliver Dowden last month.
In a Telegraph interview, under the heading "Creating our own data laws is one of the biggest prizes of Brexit", he said that many cookie pop-ups were "pointless" and should go.
"No thanks, EU! Hated rules SCRAPPED as UK to end 'pointless' web cookies in Brexit bonfire," crowed the headline in the pro-Brexit Daily Express.
Quite how the new laws are squared with the need to maintain the EU's "adequacy" ruling to allow cross-border data sharing is a moot point.
But after a bad run in Afghanistan, and facing down COVID-19 and post-Brexit supply chain disruption, Boris Johnson's government could do with a distraction. Seeming to do something about those pop-ups that represent the pinnacle of first-world problems might play well with the newly found Red Wall constituents as well as the disgusted from Tunbridge Wells brigade. ®