In September 2021, the data protection authorities of each G7 nation met virtually to discuss a technological or innovation issue that they believed required closer cooperation to address properly. The ICO, which co-chaired the meeting, called for a complete overhaul on cookie consent.
Internet cookies enable business owners to track the activity of their website visitors, helping them paint a clearer picture of what their customers want. They have their benefits for consumers, too, saving their login credentials and making access to their favourite sites seamless, as well as solely providing content that the user will likely be interested in. However, as the ICO argued, the current cookie consent system is tired, flawed and in need of an overhaul.
Its biggest issue is rooted in pop-ups – the notification users receive each time they enter a site asking them to agree to using cookies. It has become such a chore to users that most will almost instinctively hit accept with little consideration. This is a major problem because it means they do not have meaningful control over their data and leads to people sharing more information than they are likely aware of, and ideally would like.
The current system, albeit extremely useful for business owners, also has its pitfalls; it is costly and such pop-ups can contribute to poor user experience which reflects badly on the company. Instead, the ICO envisages a future where users can establish lasting privacy preferences to counter regular pop-ups, something they say will make web browsing smoother and more business friendly while putting the control of personal data back into the consumer’s hands.
The proposal for a complete cookie consent overhaul is likely to have caused much concern and unrest among marketing departments across the globe. It will be seen as inconvenient for those countries in which data subject consent falls low on the list of priorities, particularly when it comes to online tracking.
Moreover, since the ICO’s vision revolves around giving consumers more control of their data, companies will likely lose out on a lot of insights they currently have access to as its likely that more and more consumers will restrict what they share.
Their proposed lasting privacy settings could also cause some upset – it risks users potentially taking a one-size-fits all approach to cookie consent and setting universal preferences across all websites. As a result, genuine, trustworthy websites will be tarred with the same brush as the dangerous, sinister sites that carry bad reputations.
Third-party data
Another consideration around the overhaul is the ongoing phase-out of third-party cookies which are already impacting what marketing intelligence companies have access to. Scheduled for a 2022 roll-out spearheaded by Google Chrome, this will see third-party cookies blocked, preventing embedded apps from tracking individuals.
This change is a cookie overhaul in itself, and for companies to have to respond and deal with another so soon would put many businesses under a lot of pressure to remain compliant. Instead, legislators should first allow companies to overcome the challenges presented by the phase out of third-party cookies, before enforcing such a dramatic overhaul of cookie consent as suggested by the ICO.
And yet, however relevant these concerns are, the cookie consent system does need updating. Privacy compliance and online users having control of their personal data is paramount, and this is reflected in the involvement of the G7.
If the user is going to be prioritised, privacy programmes need to modernise and move away from the paper-based approach to compliance. More than ever, organisations require robust programmes and technology which are flexible enough to adapt to the ever-changing privacy environment. Companies are often intimidated by it, or put off by the initial upfront cost, but compliance needs to be a part of every business’ DNA, and there is support available to help companies navigate the constantly changing landscape.
Should the ICO’s proposed cookie overhaul come into fruition, companies receiving expert advice will be best positioned to respond and keep on top of the new legislation. It is encouraging to see the importance the UK is putting on the rights of data subjects, as we continue to drive trust into the fabric of our businesses and set a leading example to the rest of the world.
Peter Borner is co-founder of The Data Privacy Group, a global data privacy compliance services provider.