After years of inaction against adtech, UK’s ICO calls for browser-level controls to fix ‘cookie fatigue’

 In the latest quasi-throwback toward ‘do not track‘, the UK’s data protection chief has come out in favor of a browser- and/or device-level setting to allow Internet users to set “lasting” cookie preferences — suggesting this as a fix for the barrage of consent pop-ups that continues to infest websites in the region.

European web users digesting this development in an otherwise monotonously unchanging regulatory saga, should be forgiven — not only for any sense of déjà vu they may experience — but also for wondering if they haven’t been mocked/gaslit quite enough already where cookie consent is concerned.

http://sydneychinesetennis.com.au/forum/viewtopic.php?t=69284

https://www.middleeastdefence.net/forum/main-forum/34625-comprar-galotam-prescripcion

https://www.stocksmessageboards.com/showthread.php?tid=140&pid=241013#pid241013

http://detimgn.iboards.ru/viewtopic.php?f=30&t=15727

http://www.welcome2solutions.com/forum/topics.aspx?ID=32309

http://freedom.teamforum.ru/viewtopic.php?t=8464

http://beastmodegames.com/forum/viewtopic.php?f=2&t=227822

https://pixarplanet.com/forums/viewtopic.php?f=10&t=230215

http://www.dislivelli.eu/forum/viewtopic.php?f=6&p=4315&t=482

http://www.tuoitho.net/diendan/viewtopic.php?f=30&p=1654661

https://urku.org.in/mybb/showthread.php?tid=14743

https://mobililenakit.com/showthread.php?tid=7502

https://getsurlforum.com/showthread.php?mode=linear&pid=5403&tid=3697&__cf_chl_jschl_tk__=pmd_D6pauihT5WGuRWrxj_4gZ_f9X7DjJu_weqTxlW6k44E-1631868336-0-gqNtZGzNAhCjcnBszQl9

http://aena.at/phpbb3/viewtopic.php?f=2&t=691

http://www.flyingfish.nl/forum/viewtopic.php?p=2320109

https://saldogratispoker.com/showthread.php?tid=222700

http://www.ttl.co-re.de/forum/showthread.php?pid=342492&tid=63828

http://wastedwarlocks.com/forums/showthread.php?tid=5395

https://dogging.dk/forum/viewtopic.php?t=61176

https://leakzone.net/Thread-Elder-Scrolls

Last month, UK digital minister Oliver Dowden took aim at what he dubbed an “endless” parade of cookie pop-ups — suggesting the government is eyeing watering down consent requirements around web tracking as ministers consider how to diverge from European Union data protection standards, post-Brexit. (He’s slated to present the full sweep of the government’s data ‘reform’ plans later this month so watch this space.)

Today the UK’s outgoing information commissioner, Elizabeth Denham, stepped into the fray to urge her counterparts in G7 countries to knock heads together and coalesce around the idea of letting web users express generic privacy preferences at the browser/app/device level, rather than having to do it through pop-ups every time they visit a website.

https://crackx.to/Thread-18-MEGA-NZ-NUDE-VIDEOS-MASTURBATING-AND-PHOTOS-OF-YOUNG-GIRLSsa?pid=182433

https://cerberus-chain.be/showthread.php?pid=17578&tid=4771

http://theauctionboard.com/showthread.php?pid=581206&tid=129025

http://plainnuts.com/showthread.php?tid=88377

http://aandp.net/forum/showthread.php?tid=1219217

https://forum.qworld-tuna.com/showthread.php?tid=24365

http://amantespastoraleman.com/foro/showthread.php?tid=9779

http://mbrito.uosdesigndegrees.com/mybb/showthread.php?tid=21014

https://therockandduckshow.net/showthread.php?tid=2042

https://kamera.al/showthread.php?tid=225

http://www.s-server.vip/viewtopic.php?f=1&t=70118

http://www.reo14.moe.go.th/phpBB3/viewtopic.php?t=324742

http://www.unraveled.net/phpbb/viewtopic.php?f=6&t=1248153

http://forum.ornisoft.com/viewtopic.php?f=4&t=797076

https://ciphertalks.com/viewtopic.php?f=7&t=89702

In a statement announcing “an idea” she will present this week during a virtual meeting of fellow G7 data protection and privacy authorities — less pithily described in the press release as being “on how to improve the current cookie consent mechanism, making web browsing smoother and more business friendly while better protecting personal data” — Denham said: “I often hear people say they are tired of having to engage with so many cookie pop-ups. That fatigue is leading to people giving more personal data than they would like.

“The cookie mechanism is also far from ideal for businesses and other organisations running websites, as it is costly and it can lead to poor user experience. While I expect businesses to comply with current laws, my office is encouraging international collaboration to bring practical solutions in this area.”

“There are nearly two billion websites out there taking account of the world’s privacy preferences. No single country can tackle this issue alone. That is why I am calling on my G7 colleagues to use our convening power. Together we can engage with technology firms and standards organisations to develop a coordinated approach to this challenge,” she added.

Contacted for more on this “idea”, an ICO spokeswoman reshuffled the words thusly: “Instead of trying to effect change through nearly 2 billion websites, the idea is that legislators and regulators could shift their attention to the browsers, applications and devices through which users access the web.

http://blog.pucp.edu.pe/blog/renzogm/2010/12/17/acerca-de-la-reeleccion-de-manuel-burga-y-la-ley-del-deporte/

http://blog.atlas-games.com/2015/05/a-fiasco-in-mythic-europe.html

http://blog.premiumaquatics.com/2018/01/maxspect-razor-x-leds.html?m=0&showComment=1589794861576

http://blog.theatrebayarea.org/2009/10/most-produced-playwright.html?showComment=1616255148499

https://youtubecreator-fr.googleblog.com/2019/12/les-quatre-piliers-de-la-responsabilite.html

http://autofunia.com/news/new-bmw-4-series-spy-photos-reveal-more-production-grille/

http://ukarlahaslera.freepage.cz/guestbook/

https://bsmcmiamifl.com/5-matters-to-do-immediately-concerning-essay-topics-for-high-school

https://urku.org.in/mybb/showthread.php?tid=14703

https://mobililenakit.com/showthread.php?tid=7860

https://getsurlforum.com/showthread.php?pid=5738&tid=3921&__cf_chl_managed_tk__=pmd_5F2Cj7AhXqN.OyQ8makpv4KhXXUqbYShjn51Z_w6eIo-1631690083-0-gqNtZGzNAtCjcnBszRT9

http://ngobrolingame.com/showthread.php?tid=57867

http://www.beta.cqpolska.pl/showthread.php?pid=429239&tid=151826#pid429239

“In place of click-through consent at a website level, users could express lasting, generic privacy preferences through browsers, software applications and device settings – enabling them to set and update preferences at a frequency of their choosing rather than on each website they visit.”

Of course a browser-baked ‘Do not track’ (DNT) signal is not a new idea. It’s around a decade old at this point. Indeed, it could be called the idea that can’t die because it’s never truly lived — as earlier attempts at embedding user privacy preferences into browser settings were scuppered by lack of industry support.

However the approach Denham is advocating, vis-a-vis “lasting” preferences, may in fact be rather different to DNT — given her call for fellow regulators to engage with the tech industry, and its “standards organizations”, and come up with “practical” and “business friendly” solutions to the regional Internet’s cookie pop-up problem.

It’s not clear what consensus — practical or, er, simply pro-industry — might result from this call. If anything.

http://beastmodegames.com/forum/viewtopic.php?f=2&t=168436

http://www.demo.ngofficiel.fr/viewtopic.php?p=327482

http://forum.echo.or.id/forum/viewtopic.php?f=2&t=159076

http://www.magrace.ru/forum/viewtopic.php?p=1515569

http://www.flyingfish.nl/forum/viewtopic.php?p=2319550

https://www.pckitcj.com/posts/list/29948.page

http://www.unlockperu.com/forum/asansam-dongle/26754-gu-michigan-vs-montana-live

http://siamtownus.com/forum/topics.aspx?ID=58678

https://lemon.shivtr.com/forum_threads/3309955

https://forum.creative-destruction.com/forum.php?mod=viewthread&tid=168194

https://tubreveespacio.com/foros/viewtopic.php?p=67407

Indeed, today’s press release may be nothing more than Denham trying to raise her own profile since she’s on the cusp of stepping out of the information commissioner’s chair. (Never waste a good international networking opportunity and all that — her counterparts in the US, Canada, Japan, France, Germany and Italy are scheduled for a virtual natter today and tomorrow where she implies she’ll try to engage them with her big idea).

Her UK replacement, meanwhile, is already lined up. So anything Denham personally champions right now, at the end of her ICO chapter, may have a very brief shelf life — unless she’s set to parachute into a comparable role at another G7 caliber data protection authority.

http://forum.darkchet.com/showthread.php?tid=2196

http://beta.cqpolska.pl/showthread.php?pid=190107&tid=44555#pid190107

https://www.stocksmessageboards.com/showthread.php?tid=15825

https://www.getsurlforum.com/showthread.php?mode=threaded&pid=689&tid=265&__cf_chl_managed_tk__=pmd_uaYE61DXMecu5nK_2ThBOoQSs07ltiHVMjvYjQmBryw-1631597583-0-gqNtZGzNAuWjcnBszRMl

http://ngobrolingame.com/showthread.php?tid=58765

https://forum.qworld-tuna.com/showthread.php?tid=24358

https://remont.biz.pl/forum/thread-14894.html

https://www.myotoniacongenita.info/forum/showthread.php?tid=1915

https://www.forumdime.com/Thread-%D0%94%D0%95%D0%9D%D0%AC%E2%80%94%D0%93%D0%9E%D0%A0%D0%9E%D0%94%D0%90-%D0%94%D0%B5%D0%BD%D1%8C-%D0%B3%D0%BE%D1%80%D0%BE%D0%B4%D0%B0-2021-%D1%84%D0%B8%D0%BB%D1%8C%D0%BC-%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B5%D1%82%D1%8C-%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD-%E2%80%94-SRAO

https://realtimecheats.com/forum/showthread.php?tid=128859

https://roqstech.de/viewtopic.php?f=7&t=1162785

Nor is Denham the first person to make a revived pitch for a rethink on cookie consent mechanisms — even in recent years.

Last October, for example, a US-centric tech-publisher coalition came out with what they called a Global Privacy Standard (GPC) — aiming to build momentum for a browser-level pro-privacy signal to stop the sale of personal data, geared toward California’s Consumer Privacy Act (CCPA), though pitched as something that could have wider utility for Internet users.

By January this year they announced 40M+ users were making use of a browser or extension that supports GPC — along with a clutch of big name publishers signed up to honor it. But it’s fair to say its global impact so far remains limited. 

More recently, European privacy group noyb published a technical proposal for a European-centric automated browser-level signal that would let regional users configure advanced consent choices — enabling the more granular controls it said would be needed to fully mesh with the EU’s more comprehensive (vs CCPA) legal framework around data protection.

The proposal, for which noyb worked with the Sustainable Computing Lab at the Vienna University of Economics and Business, is called Advanced Data Protection Control (ADPC). And noyb has called on the EU to legislate for such a mechanism — suggesting there’s a window of opportunity as lawmakers there are also keen to find ways to reduce cookie fatigue (a stated aim for the still-in-train reform of the ePrivacy rules, for example).

So there are some concrete examples of what practical, less fatiguing yet still pro-privacy consent mechanisms might look like to lend a little more color to Denham’s ‘idea’ — although her remarks today don’t reference any such existing mechanisms or proposals.

(When we asked the ICO for more details on what she’s advocating for, its spokeswoman didn’t cite any specific technical proposals or implementations, historical or contemporary, either, saying only: “By working together, the G7 data protection authorities could have an outsized impact in stimulating the development of technological solutions to the cookie consent problem.”)

So Denham’s call to the G7 does seem rather low on substance vs profile-raising noise.

In any case, the really big elephant in the room here is the lack of enforcement around cookie consent breaches — including by the ICO.

Add to that, there’s the now very pressing question of how exactly the UK will ‘reform’ domestic law in this area (post-Brexit) — which makes the timing of Denham’s call look, well, interestingly opportune. (And difficult to interpret as anything other than opportunistically opaque at this point.)

The adtech industry will of course be watching developments in the UK with interest — and would surely be cheering from the rooftops if domestic data protection ‘reform’ results in amendments to UK rules that allow the vast majority of websites to avoid having to ask Brits for permission to process their personal data, say by opting them into tracking by default (under the guise of ‘fixing’ cookie friction and cookie fatigue for them).

That would certainly be mission accomplished after all these years of cookie-fatigue-generating-cookie-consent-non-compliance by surveillance capitalism’s industrial data complex.

It’s not yet clear which way the UK government will jump — but eyebrows should raise to read the ICO writing today that it expects compliance with (current) UK law when it has so roundly failed to tackle the adtech industry’s role in cynically sicking up said cookie fatigue by failing to take any action against such systemic breaches.

The bald fact is that the ICO has — for years — avoided tackling adtech abuse of data protection, despite acknowledging publicly that the sector is wildly out of control.

Instead, it has opted for a cringing ‘process of engagement’ (read: appeasement) that has condemned UK Internet users to cookie pop-up hell.

This is why the regulator is being sued for inaction — after it closed a long-standing complaint against the security abuse of people’s data in real-time bidding ad auctions with nothing to show for it… So, yes, you can be forgiven for feeling gaslit by Denham’s call for action on cookie fatigue following the ICO’s repeat inaction on the causes of cookie fatigue…

Not that the ICO is alone on that front, however.

There has been a fairly widespread failure by EU regulators to tackle systematic abuse of the bloc’s data protection rules by the adtech sector — with a number of complaints (such as this one against the IAB Europe’s s

Not that the ICO is alone on that front, however.

There has been a fairly widespread failure by EU regulators to tackle systematic abuse of the bloc’s data protection rules by the adtech sector — with a number of complaints (such as this one against the IAB Europe’s self-styled ‘transparency and consent framework’) still working, painstakingly, through the various labyrinthine regulatory processes.

France’s CNIL has probably been the most active in this area — last year slapping Amazon and Google with fines of $42M and $120M for dropping tracking cookies without consent, for example. (And before you accuse CNIL of being ‘anti-American’, it has also gone after domestic adtech.)

But elsewhere — notably Ireland, where many adtech giants are regionally headquartered — the lack of enforcement against the sector has allowed for cynical, manipulative and/or meaningless consent pop-ups to proliferate as the dysfunctional ‘norm’, while investigations have failed to progress and EU citizens have been forced to become accustomed, not to regulatory closure (or indeed rapture), but to an existentially endless consent experience that’s now being (re)branded as ‘cookie fatigue’.

Yes, even with the EU’s General Data Protection Regulation (GDPR) coming into application in 2018 and beefing up (in theory) consent standards.

This is why the privacy campaign group noyb is now lodging scores of complaints against cookie consent breaches — to try to force EU regulators to actually enforce the law in this area, even as it also finds time to put up a practical technical proposal that could help shrink cookie fatigue without undermining data protection standards. 

It’s a shining example of action that has yet to inspire the lion’s share of the EU’s actual regulators to act on cookies. The tl;dr is that EU citizens are still waiting for the cookie consent reckoning — even if there is now a bit of high level talk about the need for ‘something to be done’ about all these tedious pop-ups.

The problem is that while GDPR certainly cranked up the legal risk on paper, without proper enforcement it’s just a paper tiger. And the pushing around of lots of paper is very tedious, clearly. 

Most cookie pop-ups you’ll see in the EU are thus essentially privacy theatre; at the very least they’re unnecessarily irritating because they create ongoing friction for web users who must constantly respond to nags for their data (typically to repeatedly try to deny access if they can actually find a ‘reject all’ setting).

But — even worse — many of these pervasive pop-ups are actively undermining the law (as a number of studies have shown) because the vast majority do not meet the legal standard for consent.

So the cookie consent/fatigue narrative is actually a story of faux compliance enabled by an enforcement vacuum that’s now also encouraging the watering down of privacy standards as a result of such much unpunished flouting of the law.

There is a lesson here, surely.

‘Faux consent’ pop-ups that you can easily stumble across when surfing the ‘ad-supported’ Internet in Europe include those failing to provide users with clear information about how their data will be used; or not offering people a free choice to reject tracking without being penalized (such as with no/limited access to the content they’re trying to access), or at least giving the impression that accepting is a requirement to access said content (dark pattern!); and/or otherwise manipulating a person’s choice by making it super simple to accept tracking and far, far, far more tedious to deny.

You can also still sometimes find cookie notices that don’t offer users any choice at all — and just pop up to inform that ‘by continuing to browse you consent to your data being processed’ — which, unless the cookies in question are literally essential for provision of the webpage, is basically illegal. (Europe’s top court made it abundantly clear in 2019 that active consent is a requirement for non-essential cookies.)