Information Commissioner's Office
ICO to call on G7 countries to tackle cookie pop-ups challenge
The UK Information Commissioner’s Office (ICO) will today call on fellow G7 data protection and privacy authorities to work together to overhaul cookie consent pop-ups, so people’s privacy is more meaningfully protected and businesses can provide a better web browsing experience.
Chairing the meeting, Information Commissioner Elizabeth Denham will virtually meet the G7 authorities on 7-8 September. At the meeting, she will present an idea on how to improve the current cookie consent mechanism, making web browsing smoother and more business friendly while better protecting personal data.
Currently many people automatically select ‘I agree’ when presented with cookies pop-ups on the internet, which means they are not having meaningful control over their personal data.
Information Commissioner Elizabeth Denham said:
“I often hear people say they are tired of having to engage with so many cookie pop-ups. That fatigue is leading to people giving more personal data than they would like.
“The cookie mechanism is also far from ideal for businesses and other organisations running websites, as it is costly and it can lead to poor user experience. While I expect businesses to comply with current laws, my office is encouraging international collaboration to bring practical solutions in this area.
“There are nearly two billion websites out there taking account of the world’s privacy preferences. No single country can tackle this issue alone. That is why I am calling on my G7 colleagues to use our convening power. Together we can engage with technology firms and standards organisations to develop a coordinated approach to this challenge.”
Joined by the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF), each G7 authority will present a specific technology or innovation issue they believe closer cooperation is needed. The event is closely aligned with the G7 “Data Free Flow with Trust” initiative.
The ICO will present its vision for the future, where web browsers, software applications and device settings allow people to set lasting privacy preferences of their choosing, rather than having to do that through pop-ups every time they visit a website. This would ensure people’s privacy preferences are respected and the use of personal data is minimised, while improving users’ browsing experience and removing friction for businesses.
While this approach is already technologically possible and compliant with data protection law, the ICO believes the G7 authorities could have a major impact in encouraging technology firms and standards organisations to further develop and roll out privacy-oriented solutions to this issue.
Ms Denham added:
“The digital world brings international opportunities and challenges, but these are currently being addressed by a series of domestic solutions. We need to consider how the work of governments and regulators can be better knitted together, to keep people’s trust in data driven innovation.”
The G7 data protection and privacy authorities consist of:
- Office of the Privacy Commissioner (Canada)
- Commission Nationale de l’Informatique et des Libertés (France)
- Garante per la Protezione dei Dati Personali (Italy)
- Personal Information Protection Commission, 個人情報保護委員会 (Japan)
- Federal Trade Commission (United States of America)
- Information Commissioner’s Office (UK)
- Federal Commissioner for Data Protection and Freedom of Information, BfDI (Germany)
G7 authorities are meeting virtually on 7-8 September, joined by the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF). The event is closely aligned with the G7 “Data Free Flow with Trust” initiative. A communique will be published following the event.
Notes to Editors
- The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- Since 25 May 2018, the ICO has the power to impose a civil monetary penalty (CMP) on a data controller of up to £17million (20m Euro) or 4% of global turnover.
- The DPA2018 and UK GDPR gave the ICO new strengthened powers.
- The data protection principles in the UK GDPR evolved from the original DPA, and set out the main responsibilities for organisations.
- To report a concern to the ICO, go to ico.org.uk/concerns.
Latest News from
Information Commissioner's Office
Director’s Update – Looking at the future of Freedom of Information (FOI) through ICO2515/07/2022 12:25:00
This is the third in a series of updates from Warren Seddon, Director of FOI and Transparency.
UK Information Commissioner sets out focus on empowering people through information14/07/2022 11:25:00
The Information Commissioner’s Office (ICO) has set out a commitment to safeguard the information rights of the most vulnerable people, including regulatory work around children’s privacy, AI-driven discrimination, the use of algorithms within the benefits system and the impact of predatory marketing calls.
Behind the screens: ICO calls for review into use of private email and messaging apps within government11/07/2022 15:10:00
The Information Commissioner’s Office (ICO) has today called for a government review into the systemic risks and areas for improvement around the use of private correspondence channels – including private email, WhatsApp and other similar messaging apps.
ICO and NCSC stand together against ransomware payments being made11/07/2022 12:25:00
Solicitors are being asked to play their part in keeping the UK safe online by helping to tackle the rise in organisations paying out to ransomware criminals.
ICO and Personal Information Protection Commission, South Korea, sign Memorandum of Understanding06/07/2022 10:10:00
The Information Commissioner’s Office (ICO) and the South Korean Personal Information Protection Commission (PIPC) have a strong relationship which recognises their shared common mission to uphold people’s information rights, while supporting digital innovation and economic development.
ICO sets out revised approach to public sector enforcement30/06/2022 15:05:00
The Information Commissioner’s Office (ICO) has today set out a revised approach to working more effectively with public authorities.
Statement in response to the government’s announcement on the upcoming Data Reform Bill17/06/2022 13:10:00
The government has published its response to a consultation on the upcoming Data Reform Bill.
Information Commissioner calls for an end to the excessive collection of personal information from victims of rape and serious sexual assault31/05/2022 14:05:00
The UK Information Commissioner has called on the criminal justice sector to immediately stop collecting excessive amounts of personal information from victims of rape and serious sexual assault cases.
ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted24/05/2022 09:10:00
The Information Commissioner’s Office (ICO) has fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition.