various data privacy defenders criticized UK plans to replace cookie consent popups with an “opt-out template” which they believe will do more harm than good.
On a the e-mail exchange with Pro, Jon Callas of the Electronic Frontier Foundation described the plans as inherently flawed. “A good privacy regime needs to revolve around opt-in rather than opt-out,” he said. “Responsibility is to askto get someone’s permission before being watched.”
Those concerns were echoed by a spokesperson for privacy software company Brave, who acknowledged that the current system needed overhaul but warned that the new proposals would remove an important safety net. “This can lead users to opt for privacy-eroding practices. We believe the proposals are likely to lead to more damage to tracking and privacy, not less,” they said.
UK data collection reform
The UK government announced plans earlier this week to replace cookie consent pop-ups with a new system that it hopes will improve the user experience while preserving the ability to protect against privacy intrusions.
Under these new plans, website owners will be able to deploy cookies without obtaining express consent from visitors, but only “non-intrusive” varieties that do not facilitate “ad microtargeting”.
The cookie consent banners will be replaced by what the government describes as an “opt-out model of consent” whereby web users set their data collection preferences in advance through new “browser-based solutions”.
“We want to create a framework that empowers citizens through the responsible use of personal data. Our reforms will give individuals greater clarity about their rights and a clearer sense of how to determine access to and benefit from their own data,” she said. the report explained.
However, both the EFF and Brave criticized several facets of the proposal. Callas, for example, disagrees with the characterization of some cookies as necessary and others not; there shouldn’t be an unnecessary cookie, he argues, and certainly not one that is deployed without express permission.
“Part of the issue is brought up on the government’s own website, [which] it has a popup in it that has an opt-out for unnecessary cookies. If they’re unnecessary, then they shouldn’t be used,” he said.
“That’s why I think it should be opt-in rather than opt-out… [cookies] benefit someone other than us, I think they should get our permission first.”
Brave, for its part, is concerned about the limited scope of the reform, which appears to treat cookies as the sole means by which companies collect web activity data.
“The privacy damage of online tracking is not limited to cookies, so we would like to understand what the government and the regulator propose, especially with regards to a browser-based signal,” the company said.
“We would welcome the latter, as long as there is clear and precise agreement on the standard configuration of the signal and its specific purpose and how it will be enforced in law. We recall the unfortunate failure of the Do Not Track (DNT) signal.”
The position of legislators is unenviable, imprisoned by the need to balance the usability of the web, the interests of companies and the rights of the consumer. However, it seems that the latest reform proposals raise as many questions as they answer.
Pro asked the Department of Digital, Culture, Media and Sports (DCMS) for a response to these concerns.