The UK government has announced plans to replace the infamous cookie consent pop-up with a new system designed to improve the user experience while preserving the ability to shield against invasions of privacy.
Under these new plans, website owners will be able to deploy cookies without seeking express consent from visitors, but only “non-invasive” varieties that do not facilitate the “micro-targeting of advertisements”.
Cookie consent banners, meanwhile, will be replaced with what the government describes as an “opt-out model for consent”, whereby web users define their data collection preferences in advance via new “browser-based solutions”.
Cookie consent pop-ups
The plans were published alongside various other reforms in a document relating to a consultation that began last year with the ambition of establishing ways in which the UK should diverge from EU data policy in the aftermath of Brexit.
“Personal data is a huge strategic asset and the driving force of the world’s modern economies. It fuels innovation in businesses large and small, drives scientific discovery and has been a lifeline during the global coronavirus pandemic. This government’s ambition on data is clear: we will establish the UK as the most attractive global data marketplace,” the document states.
“We want to create a framework which empowers citizens through the responsible use of personal data. Our reforms will give individuals greater clarity over their rights and a clearer sense of how to determine access to and benefit from their own data.”
Although the consultation covered a wide breadth of data policy issues - from cross-border data flow to the application of artificial intelligence - a sizable portion was dedicated to the questions around cookies and consent.
The objective was to define a remodelling of the current system, whereby an intrusive pop-up is presented each time someone accesses a website, which is considered unfit for purpose by web users and website owners alike.
“Some respondents explained that their ability to collect potentially useful information, such as how many people are visiting their websites and what pages they are looking at the most, is restricted by the current strict rules on consent. Individuals also find the number of cookie pop-ups a source of annoyance, and routinely accept the terms without reading them,” the document explains.
“In the future, the government intends to move to an opt-out model of consent for cookies placed by websites. In practice, this would mean cookies could be set without seeking consent, but the website must give the web user clear information about how to opt out.”
The move is almost guaranteed to raise concerns among data privacy advocates, who might argue that the definition of “non-intrusive” is vague and that companies renowned for their abuse of cookies for the purposes of data collection will find ways to capitalize on any dilution of the hard line on cookies.
However, the government has moved to head off these concerns, promising that the shift to an opt-out consent model will take place only once the appropriate browser technologies are in place.
It all sounds lovely on paper, but whether the government can ultimately deliver on its proposals remains a separate question. The absence of a specific deadline implies that those in charge understand that execution will be far from straightforward.
