Cookie consent pop-ups need to be tackled in order to provide more meaningful consent and a better browsing experience, according to the ICO.
At a recent meeting for the data protection authorities of G7 countries, the ICO decided to tackle the topic of cookie consent pop-ups. The ICO has mentioned that there have been complaints among the general population about the need to constantly interact with cookie consent pop-ups when arriving on a website. More importantly, the ICO believes that these cookie consent pop-ups, especially when configured awkwardly, tend to have the effect of causing people to consent to giving more personal information than they would like. The ICO released a statement earlier this month discussing their intent to bring this topic up at a recent G7 meeting.
The ICO is of the opinion that currently, cookie consent pop-ups may cause individuals to consent to more use of their personal data than they would have liked.
Cookie consent pop-ups and requirements have been a topic of conversation for quite some time, not only among the general population on the interwebs, but also by relevant data protection authorities. Recently we published an article discussing the best practices for cookie consent pop-ups and banners, as outlined by the Malta DPA. In preparation for the virtual meeting on September 7-8, the ICO expressed interest in discussing this with fellow G7 data protection and privacy authorities. The Information Commissioner expressed a belief that, in their current form, some cookie consent pop ups and banners may cause individuals to consent to more access to and use of their personal data than they would have liked.
While the current model is already compliant with data protection law, the ICO believes that the G7 authorities have the power to influence further development.
The ICO has recently announced several intended changes to their data protection model, and cookie consent pop-ups were one of the key points the authority expressed interest in. While the current model is already compliant with data protection law, the ICO believes that the G7 authorities have the power to influence further development. The ICO holds a vision for the future where web browsers, software applications and device settings allow people to set lasting privacy preferences of their choosing, instead of having to do that through pop-ups each time they visit a website. This may allow individuals to be more intentional in their selections, rather than selecting whatever they feel that they need to, in order to get past a banner. This approach is definitely already technologically possible and compliant with data protection law as well, however the ICO believes that more can be done to effect change and promote more privacy oriented solutions.
The current regulations governing cookies are split between the GDPR and the ePrivacy Directive, which together ensure the protection of natural persons with regard to cookie consent pop-ups and banners.
The current regulations governing cookies are split between the GDPR and the ePrivacy Directive. There are several types of cookies, which in most cases users can choose from. For example, a user can choose to only allow the storage of necessary cookies, and reject any additional cookies for marketing or preferences. Recital 30 of the GDPR, does make mention of the importance of cookies, insofar as they can be used to identify individuals, especially with the amount of information on a user, which can be stored through the use of cookies. The ePrivacy Directive is sometimes known as the “cookie law” as it has been very instrumental in influencing the current use of cookie consent pop-ups, and ensuring that consent is ethically sourced for the use and storage of cookies. The rules regulating cookies are continuously being set, and cookies themselves are continually evolving, which means maintaining a current cookie policy will naturally be a continuous job.
