Cookie banners: G7 urged to consider solution to pop-up notices

The UK's information commissioner is to ask some of the most powerful countries in the world to join forces against cookie pop-ups online.

Elizabeth Denham will meet with her counterparts in the G7 (Group of Seven) nations on Tuesday.

Each country will raise a technology problem they believe can be solved with closer co-operation, with Ms Denham taking aim at cookie banners.

"No single country can tackle this issue alone," Ms Denham said.

"That is why I am calling on my G7 colleagues to use our convening power. Together we can engage with technology firms and standards organisations to develop a co-ordinated approach to this challenge."

Cookie pop-ups are widely disliked by internet users and businesses - who see them as an annoying obstacle - and by privacy advocates, who believe so-called "dark patterns" trick people into accepting privacy invasions, rather than read through pages of settings on every website.

"I often hear people say they are tired of having to engage with so many cookie pop-ups," Ms Denham said. "That fatigue is leading to people giving more personal data than they would like."

The Information Commissioner's Office (ICO) - the UK's national data watchdog - said it would pitch a "vision for the future".

In it, web browsers or even device-wide settings will "allow people to set lasting privacy preferences of their choosing, rather than having to do that through pop-ups every time they visit a website".

That would "ensure people's privacy preferences are respected" while improving the experience, it said.

The ICO said it believes such an approach is "already technologically possible and compliant with data protection law".

However, achieving it would require co-operation among different technology firms or standards organisations.

There is already a considerable amount of debate over the future of tracking cookies, with Apple limiting them by default in its software and Google pursuing a new standard that does not have the buy-in of other software makers.

The ICO said it believes that the combined weight of the G7 authorities "could have a major impact" in steering big tech firms to develop a solution.

Jim Killock, the executive director of Open Rights Group, said that even though the ICO's proposal was something he supported, "most" cookie banners were already breaking UK law, external.

"If the ICO wants to sort out cookie banners then it should follow its own conclusions and enforce the law," he said.

"We have waited for over two years now for the ICO to deal with this, and now they are asking the G7 to do their job for them. That is simply outrageous."

Ms Denham is now the outgoing commissioner.

In late August, the government announced plans to replace her with current New Zealand Privacy Commissioner John Edwards - while Digital Secretary Oliver Dowden fired an opening salvo in the war on cookie pop-ups.

He told the Telegraph that the new commissioner would "shake up" data rules, including promising to do something about cookies.

Mr Dowden suggested that "high risk" sites would still need similar notices, but that many of them are "pointless" - and said that such changes are a "prize" of leaving the EU.

Privacy expert Pat Walshe said: "It increasingly seems to me that the ICO is captured by government."

"So called 'cookie pop ups'... are a manifestation of an underlying business model based on the intrusion and erosion of privacy online. That underlying privacy eroding model and technology should be the focus."

"The ICO conducted a study on ad-tech - it's not made one bit of difference and has not enhanced privacy online at all," he said.

The UK is expected to adhere to similar privacy standards as the EU as part of an agreement over "data adequacy" - a complex area governing how private information is stored and shared across borders.

But the G7, as a collection of some of the world's wealthiest liberal democracies, has members both inside and outside the EU.

Ms Denham will be making her pitch to the privacy regulators in Canada, France, Italy, Japan, the United States, and Germany.

Any co-ordinated solution would probably take a long time to be rolled out, because new internet standards usually have a long formal process.

Until then, Ms Denham said she - as the regulator, "expect[s] businesses to comply with current laws".