ICO to call on G7 countries to tackle cookie pop-ups challenge

7 Sep 2021 11:47 AM

The UK Information Commissioner’s Office (ICO) will today call on fellow G7 data protection and privacy authorities to work together to overhaul cookie consent pop-ups, so people’s privacy is more meaningfully protected and businesses can provide a better web browsing experience.

Chairing the meeting, Information Commissioner Elizabeth Denham will virtually meet the G7 authorities on 7-8 September. At the meeting, she will present an idea on how to improve the current cookie consent mechanism, making web browsing smoother and more business friendly while better protecting personal data.

Currently many people automatically select ‘I agree’ when presented with cookies pop-ups on the internet, which means they are not having meaningful control over their personal data.

Information Commissioner Elizabeth Denham said:

“I often hear people say they are tired of having to engage with so many cookie pop-ups. That fatigue is leading to people giving more personal data than they would like.

“The cookie mechanism is also far from ideal for businesses and other organisations running websites, as it is costly and it can lead to poor user experience. While I expect businesses to comply with current laws, my office is encouraging international collaboration to bring practical solutions in this area.

“There are nearly two billion websites out there taking account of the world’s privacy preferences. No single country can tackle this issue alone. That is why I am calling on my G7 colleagues to use our convening power. Together we can engage with technology firms and standards organisations to develop a coordinated approach to this challenge.”

Joined by the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF), each G7 authority will present a specific technology or innovation issue they believe closer cooperation is needed. The event is closely aligned with the G7 “Data Free Flow with Trust” initiative.

The ICO will present its vision for the future, where web browsers, software applications and device settings allow people to set lasting privacy preferences of their choosing, rather than having to do that through pop-ups every time they visit a website. This would ensure people’s privacy preferences are respected and the use of personal data is minimised, while improving users’ browsing experience and removing friction for businesses.

While this approach is already technologically possible and compliant with data protection law, the ICO believes the G7 authorities could have a major impact in encouraging technology firms and standards organisations to further develop and roll out privacy-oriented solutions to this issue.

Ms Denham added:

“The digital world brings international opportunities and challenges, but these are currently being addressed by a series of domestic solutions. We need to consider how the work of governments and regulators can be better knitted together, to keep people’s trust in data driven innovation.”


The G7 data protection and privacy authorities consist of:

G7 authorities are meeting virtually on 7-8 September, joined by the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF). The event is closely aligned with the G7 “Data Free Flow with Trust” initiative. A communique will be published following the event.

Notes to Editors

  1. The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
  3. Since 25 May 2018, the ICO has the power to impose a civil monetary penalty (CMP) on a data controller of up to £17million (20m Euro) or 4% of global turnover.
  4. The DPA2018 and UK GDPR gave the ICO new strengthened powers.
  5. The data protection principles in the UK GDPR evolved from the original DPA, and set out the main responsibilities for organisations.
  6. To report a concern to the ICO, go to ico.org.uk/concerns.