UK’s ICO calls for browser-level controls to fix ‘cookie fatigue.’
The UK Office of the Information Commissioner (ICO) calls for browser-level controls to fix “cookie fatigue,” a term that refers to a person’s sense of antipathy or indifference to receiving a message from an organisation.
The Information Commissioner’s Office wants internet users to have greater control over their browser cookies.
According to the ICO, many people are fatigued with managing their cookies settings as first-party repeatedly, and third-party companies continue to demand new permissions for tracking.
The ICO proposes that web browsers introduce ‘standardised methods for users to control cookie permissions to address this.
ICO’s proposed solution: browser opt-out tools
In a consultation document, the regulator suggests several possible mechanisms for doing so, including creating a persistent user interface element where users could click to toggle third-party cookies and creating browser extension tools to make the user’s preferences clear.
The ICO would also like to see browsers offer persistent cookie settings, meaning users would not have to manage their cookie permissions every time they visited a new site.
It added that sites could already request permission from users before setting a cookie but that most users would click ‘yes’ without reading.
The idea of using settings in browsers can be traced back more than a decade ago when the World Wide Web Consortium proposed browser settings as a way for users to have more control over their privacy. However, this approach has been scuppered by a lack of industry support from companies like Google, Microsoft, and Apple.
Greater transparency of how and what consumer information is gathered
The ICO wants greater transparency around how organisations pass personal information between each other, which would help avoid people selectively blocking cookies only on certain websites or not at all. This referring to the practice of “cookie syncing”, where companies share data amongst themselves through tracking pixels.
The regulator has suggested that web browsers could be updated to offer users a “do not track” option for each time they visit a site, which it said would give people more control over their privacy. This is something that Mozilla’s Firefox browser already does.
Is cookie management truly user-centric?
The ICO said in its statement: “Although the UK cookie law is helping to improve people’s awareness and understanding of cookies, our research shows that people are still not clear about how they work or what they are used for.”
The ICO stated that it had received over 1,000 complaints since the introduction of the EU cookie directive. It said: “Complaints include those from people who have seen their browsing experience degraded because of third party cookies and who have lost trust in websites.”
The ICO’s research also found that about one-third of internet users would like to delete locally stored cookies and that around 33% want more control over how they are used. The research was based on a survey conducted by market research firm Populus.
The ICO’s research was published alongside its response to the government’s consultation on strengthening the UK’s data protection framework. The regulator has already responded to the government with proposals to give it increased powers to levy higher fines for data protection offences under the Data Protection Act 1998 (DPA).
App tracking type solutions could pave the way
The UK’s data protection chief supports a browser or device-level setting that allows users to set “lasting” cookie preferences as a solution to the influx of consent pop-ups that continue to plague websites in the region.
Forcing people to turn down cookies repeatedly prompts something that UK Information Commissioner Elizabeth Denham terms “cookie fatigue” — a term that has already been used to describe how Internet users tire of being nagged about cookie permissions online.
In her view, the solution is to have permanent controls available through browser settings so you could select “no third-party cookies”, “ask me every time a site wants to use a cookie”, or another setting.
The ICO has been mulling over whether it should recommend tighter controls around digital marketing in the UK — specifically looking at ways to ensure consumer privacy is considered when new, invasive technologies are devised and rolled out.
How will browser level cookie control impact websites and advertisers?
In a speech at the Future of Privacy Forum in Washington, Denham argued that “companies have exploited ambiguities and loopholes” around cookie consent rules — with many taking “a very generous interpretation of the law” to continue sending marketing messages through a range of channels without user consent.
At present, websites are allowed to pick which cookie controls they want to offer users — with a range of choices from most restrictive (only showing core site functionality) down to allow all cookies as long as visitors turn off their privacy settings in browsers.
Denham asserts that digital marketers are taking advantage of the situation despite the difficulty of identifying cookie consent requests and making informed decisions about allowing data tracking.
She adds: “The problem is that these messages are often intrusive and irritating for consumers to receive, but they are difficult for individuals to ignore or find a means of opting out.”
Denham contends the current cookie regime is “failing to meet its objective of protecting individuals’ privacy while enabling mainstream marketing to thrive” — hence her call for browser-level controls to supplement the existing “notice and choice” system.