G7 data authorities urged to rethink cookie notifications

The UK’s data protection regulator says cookie pop-ups do not offer internet users meaningful control over their personal data, as people automatically select ‘I agree’ when presented with them.

At a virtual meeting today and tomorrow ( 7-8 September) chaired by information commissioner Elizabeth Denham, the ICO will present an idea to other G7 regulators on how to improve the current approach.

The ICO envisages a new approach that would see people able to choose and set lasting privacy preferences, rather than having to manually select pop-ups every time they visit a website.

The regulator says this is technically possible and would comply with data protection law.

Information commissioner Elizabeth Denham said: “I often hear people say they are tired of having to engage with so many cookie pop-ups. That fatigue is leading to people giving more personal data than they would like. 

“No single country can tackle this issue alone. That is why I am calling on my G7 colleagues to use our convening power. Together we can engage with technology firms and standards organisations to develop a coordinated approach to this challenge.”

The G7 data authorities consist of the data protection bodies of Canada, France, Germany, Italy, Japan, the UK and the US.

The government has said it plans to reform UK data law, although any potential divergence from the General Data Protection Regulation (GDPR) remains unclear. 

Pop-up cookie notifications relate to the EU ePrivacy directive, which was passed in 2002 and amended in 2009.