UK will urge G7 to improve cookie consent mechanism
Many users agree to cookies simply to get around pop-ups: the opposite of meaningful or informed consent
The UK's Information Commissioner, Elizabeth Denham, is to ask data protection and privacy regulators across the G7 (Group of Seven) to join forces to consider a solution to nuisance cookie pop-ups.
Denham, who leads UK data regulator the Information Commissioner's Office (ICO), will discuss the issue with her counterparts in the G7 nations in a series of virtual meetings today and tomorrow, urging them to use the group's power to improve the current cookie consent mechanism.
Ms Denham will present an idea on how web browsing can be made smoother for users, while also protecting their personal data.
Representatives of other countries will raise other technology issues they believe require international cooperation.
According to the ICO, many users automatically select 'I agree' when presented with cookies pop-ups, which means they do not have meaningful control over their personal data.
"I often hear people say they are tired of having to engage with so many cookie pop-ups. That fatigue is leading to people giving more personal data than they would like," Denham said.
She noted that the cookie mechanism is costly for organisations running websites and often leads to a poor user experience.
"There are nearly two billion websites out there taking account of the world's privacy preferences. No single country can tackle this issue alone. That is why I am calling on my G7 colleagues to use our convening power," Ms Denham said.
Cookies are text files a browser stores on a computer when visiting a website. Although these files are designed to speed up users' web browsing, they can also be used to identify a system and monitor users' online activities without their consent.
Web cookies are often used by third party advertisers, who can target a user with personalised adverts after seeing the different websites they visited.
While cookie consent forms are designed to enable people to permit or deny these cookies to be saved on their systems, their irritating pop-up designs and (often) lengthy opt-out procedures mean many users select 'I Agree' automatically - which does not count as 'meaningful consent', required under GDPR and similar privacy laws.
At the G7 virtual meeting, Ms Denham will propose a new system 'where web browsers, software applications and device settings allow people to set lasting privacy preferences of their choosing, rather than having to do that through pop-ups every time they visit a website'.
Commenting on the issue, Jake Moore, Cybersecurity Specialist at ESET, said: "Dealing with cookie choices on every single website has led people to look for the easiest way to bypass them, which is often by giving away more personal data that the user may have wanted to offer. Such information is used, stored, shared and profited from by these companies; many people are still not able to take this intrusion seriously due to how difficult some sites make it for their users to choose how their data is captured.
"Whilst the G7 looks into orchestrating a worldwide approach to safely choosing what data sites can and can't see, there are other ways in which users can protect their data and anonymise any tracking online.
"To reduce sensitive data being abused, private browsing is available and using a VPN will limit the extent to which sites can track and profile you as a web user."
Last month, the UK government also announced that New Zealand's Privacy Commissioner, John Edwards, was its preferred candidate for the job of Information Commissioner.
If appointed as the UK's Information Commissioner, which appears likely, Edwards' time in the office will coincide with the government's plan to reform privacy laws to make them more business-friendly and help drive growth following the Covid-19 pandemic.
Digital Secretary Oliver Dowden said earlier this year that Britain needs to take a "slightly less European approach" on privacy, and should focus more on the results that "we want to have" following the country's exit from the European Union.
"John Edwards's vast experience makes him the ideal candidate to ensure data is used responsibly to achieve those goals," Dowden said last week.
Dowden's statement, and the government's intent, are controversial as they could lead to a return to the time pre-GDPR, when corporations freely tracked and traded user data.