Cookie consent pop-ups need to be tackled in order to provide more meaningful consent and a better browsing experience, according to the ICO.
At a recent meeting for the data protection authorities of G7 countries, the ICO decided to tackle the topic of cookie consent pop-ups. The ICO has mentioned that there have been complaints among the general population about the need to constantly interact with cookie consent pop-ups when arriving on a website. More importantly, the ICO believes that these cookie consent pop-ups, especially when configured awkwardly, tend to have the effect of causing people to consent to giving more personal information than they would like. The ICO released a statement earlier this month discussing their intent to bring this topic up at a recent G7 meeting.
The ICO is of the opinion that currently, cookie consent pop-ups may cause individuals to consent to more use of their personal data than they would have liked.
Cookie consent pop-ups and requirements have been a topic of conversation for quite some time, not only among the general population on the interwebs, but also by relevant data protection authorities. Recently we published an article discussing the best practices for cookie consent pop-ups and banners, as outlined by the Malta DPA. In preparation for the virtual meeting on September 7-8, the ICO expressed interest in discussing this with fellow G7 data protection and privacy authorities. The Information Commissioner expressed a belief that, in their current form, some cookie consent pop ups and banners may cause individuals to consent to more access to and use of their personal data than they would have liked.
While the current model is already compliant with data protection law, the ICO believes that the G7 authorities have the power to influence further development.
The ICO has recently announced several intended changes to their data protection model, and cookie consent pop-ups were one of the key points the authority expressed interest in. While the current model is already compliant with data protection law, the ICO believes that the G7 authorities have the power to influence further development. The ICO holds a vision for the future where web browsers, software applications and device settings allow people to set lasting privacy preferences of their choosing, instead of having to do that through pop-ups each time they visit a website. This may allow individuals to be more intentional in their selections, rather than selecting whatever they feel that they need to, in order to get past a banner. This approach is definitely already technologically possible and compliant with data protection law as well, however the ICO believes that more can be done to effect change and promote more privacy oriented solutions.
The current regulations governing cookies are split between the GDPR and the ePrivacy Directive, which together ensure the protection of natural persons with regard to cookie consent pop-ups and banners.
Does your company want to collect cookies through a website or app? Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR, Law Enforcement Directive and Data Protection Act 2018? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today
Post-Brexit UK to overhaul privacy rules in an attempt to increase effectiveness while maintaining adequacy with the EU and other nations.
The British government is looking forward to creating new privacy rules based on “common sense, not box-ticking”. The new privacy rules might drift the UK away from the EU data protection regulations, including the 2018 GDPR, which still guided the framework of their post-Brexit UK-GDPR privacy rules. According to the culture secretary, this may put an end to the irritating cookie popups and consents requests online. However, the new regime has to qualify for the EU’s adequacy requirement, otherwise continued data transfer between the UK and EU may be affected.
After October, a new Information Commissioner will be appointed to replace Elizabeth Denham.
The culture secretary aims at developing a globally leading data policy that will help businesses and individuals across the UK. The government plans on giving this daunting task of overseeing the transformation to John Edwards, who will be appointed as the new Information Commissioner. He is currently the Privacy Commissioner of New Zealand, and the UK’s preferred choice to replace the current Information Commissioner, Elizabeth Denham, after the current tenure ends on October 31st.
Will the new rules help small businesses or result in more trade and investment barriers?
Whereas cookie consent rules have been widely criticised by the industry and the users, they represent a tiny portion of the current (UK) GDPR framework, and are unlikely to be decisive when it comes to mutual adequacy between nations. The bigger picture is the current freedom to transfer data between the UK and the EU/EEA based on the current European Commission adequacy decision, which still gives UK-based tech companies an edge. “Putting that in jeopardy would likely offset any benefits for tech startups in terms of compliance regime simplification,” comments Dr Bostjan Makarovic, Aphaia’s Managing Partner. ‘We must also be aware that the UK consumers have gotten accustomed to a high degree of privacy protection, and they hardly see the current UK GDPR as an unnecessary bureaucratic burden.’