UK calls for browser-level controls to tackle cookie pop-up fatigue
The UK’s privacy and data protection authority says that people are tired of cookie pop-ups and that the current cookie consent mechanism should be moved at the browser level.
Elizabeth Denham, the current head of the UK Information Commissioner’s Office (ICO), said she plans to call on fellow data protection authorities during a G7 virtual meeting today to collaborate on an alternative method.
This new plan would require data protection authorities to work together and put pressure on browser vendors and web standards organizations to move cookie consent controls from the website level to a browser setting.
“I often hear people say they are tired of having to engage with so many cookie pop-ups. That fatigue is leading to people giving more personal data than they would like,” Denham said.
“The cookie mechanism is also far from ideal for businesses and other organisations running websites, as it is costly and it can lead to poor user experience,” she added.
Proposal’s success hinges on G7 members
The ICO head’s latest endeavor is reminiscent of the old Do Not Track initiative that — while it got implemented in several browsers — multiple websites chose to ignore.
The difference is that the ICO’s project wants to obtain the backing of several governments before moving forward, something that the DNT project never had.
The G7 virtual meeting is scheduled to take place over the course of September 7 and 8, and it’s unclear if other countries will get on board or when the project will move forward.
G7 members include the US, the UK, Canada, Japan, France, Germany, and Italy.
The European Union approved the so-called cookie law in May 2011, and the law entered into effect in 2012. Since then, websites that cater to EU citizens must tell their users what cookies they are using and for what purpose.
While the user must consent to cookie usage by clicking on a button in a pop-up, in recent years, academic research has found that most cookie pop-ups are clicked without being read, or the consent request is misleading, and users end up approving to having their data collected through intrusive tracking cookies.