PH Privacy
ICO Looking to G7 Countries to Consider Solution for Cookie Pop-Up Fatigue
September 08, 2021
By
Sarah Pearce
& Ashley Webber
On 7 September 2021, the UK’s data protection authority, the Information Commissioner’s Office (ICO), announced that it will call on the G7 data protection authorities during virtual meetings on 7 and 8 September to “work together to overhaul cookie consent pop-ups, so people’s privacy is more meaningfully protected and businesses can provide a better web browsing experience”. The G7 data protection authorities represent the UK, Canada, France, Italy, Japan, the U.S., and Germany.
As a reminder, privacy laws state than when non-essential cookies or other tracking technologies are used on platforms such as websites, the individual using the platform should provide their consent before these non-essential cookies are used. Non-essential cookies are often used for advertising or analytics purposes, and collect varying degrees of personal data, some considered significantly more “privacy intrusive” than others. To comply with such laws, businesses generally incorporate cookie banners and pop-ups on their platforms which appear when an individual first visits the platform.
According to the announcement, the ICO is concerned that people are actually providing more personal data than they would like to due to “cookie fatigue”; essentially, this is when individuals are subjected to so many cookie pop-ups that they would rather just select the “I Agree” or “Accept” button to make them disappear. Further, the ICO is also considerate of the impact cookie pop-ups are currently having on businesses; it notes that the existing mechanism is “far from ideal…as it is costly and it can lead to poor user experience”.
The ICO is looking to the G7 countries to tackle this issue because it does not believe this is something that one country do alone. The ICO intends to present its vision where web browsers, software applications and device settings allow people to set lasting privacy preferences of their choosing, rather than having to do that through pop-ups every time they visit a website. The ICO believes this will “ensure people’s privacy preferences are respected and the use of personal data is minimised, while improving users’ browsing experience and removing friction for businesses”.
While evidence of its pragmatic approach, this seems to be based on an over simplification of the use of cookies and other tracking technologies and represents a somewhat idealistic view. With regards individuals’, their privacy preferences will only be respected to the extent that they fully understand what the information and questions presented to them actually mean and what the impact of providing their preferences through the relevant platform would be. It will be interesting to see what guidance the ICO provides about ensuring full transparency to individuals, or whether it will leave it to businesses to grapple with this. With regards businesses, the proposal could have a huge impact on their ability to collect data that, whilst not necessarily “essential” in the legal sense, is considered critical to their business, such as data for analytics to understand how their platform is used or for advertising to generate revenue. It’s also worth noting that there can always be exceptions to the essential/non-essential rule in businesses.
Approaching the G7 authorities was an interesting move by the ICO and one which was not expected. That said, given the recent scrutiny and debate around the future of cookies, it is not surprising that we are seeing data protection authorities starting to make their views clear on the matter, and a group effort is likely to see more traction. It is encouraging to see the ICO initiating the move and we look forward to learning more about the ICO’s proposal and the G7 authorities’ views in response, and will provide updates when available.