ICO call on G7 to clear up Cookie pop-up challenge

With the G7 summit taking place earlier this year in Carbis Bay, Cornwall the ICO has followed up with a virtual meeting earlier this month to discuss the issue of Cookie Pop-up's

The Information Commissioners Office (ICO) chaired a meeting earlier this month to call upon fellow G7 data protection and privacy authorities to better tackle and overhaul the cookie consent pop-up issue. This has come about because of the changes in legislation brought about by the implementation of the GDPR back in 2018.

Cookies are small text files that can help websites identify returning users or track them across huge advertising networks. Ever wondered why you see those ads that seem to follow you all around the internet for something that you recently searched for? Well, these are made possible by cookies.

Cookies can store your user behaviour information, for example; how long you were on their website, what you clicked on, items that you left in your shopping cart, preferences or settings that you chose and much more.

Chairing the meeting, the Information Commissioner Elizabeth Denham virtually met with the G7 authorities on 7-8 September. At this meeting, she presented an idea on how to improve the current cookie consent mechanism, making web browsing smoother and more business friendly while better protecting personal data.

Most of the time people simply automatically select ‘I agree’ when they are presented with cookies pop-ups on websites, which means they are not really having meaningful control over their personal data.

Information Commissioner Elizabeth Denham said:

"I often hear people say they are tired of having to engage with so many cookie pop-ups. That fatigue is leading to people giving more personal data than they would like.

“The cookie mechanism is also far from ideal for businesses and other organisations running websites, as it is costly and it can lead to poor user experience. While I expect businesses to comply with current laws, my office is encouraging international collaboration to bring practical solutions in this area.

“There are nearly two billion websites out there taking account of the world’s privacy preferences. No single country can tackle this issue alone. That is why I am calling on my G7 colleagues to use our convening power. Together we can engage with technology firms and standards organisations to develop a coordinated approach to this challenge"

Joined by the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF), each G7 authority will present a specific technology or innovation issue they believe closer cooperation is needed. The event is closely aligned with the G7 “Data Free Flow with Trust” initiative.

While this approach is already technologically possible and compliant with data protection law, the ICO believes the G7 authorities could have a major impact in encouraging technology firms and standards organisations to further develop and roll out privacy-oriented solutions to this issue.

Ms Denham added:

"The digital world brings international opportunities and challenges, but these are currently being addressed by a series of domestic solutions. We need to consider how the work of governments and regulators can be better knitted together, to keep people’s trust in data driven innovation.”

Newer Post >

Contact tracing and coronavirus

by Simon Hunt • 29 October 2021

The UK and devolved governments have announced a number of additional measures to help stop the spread of COVID-19. Some organisations are now required by law to collect customer information to support contact tracing schemes, and there are government apps you can download so people can trace the spread of the virus. The ICO has been supporting businesses and government to ensure that data protection and privacy is built into these new measures from the start. Whenever an organisation uses your information, it’s important for you to be aware of your personal data rights. We’ve put together some tips on things you should expect: Your personal data should be kept secure Businesses collecting your information for contact tracing should do so in a secure way. This means they shouldn’t use open log books or ask you to add your name to a list. If you’re concerned an organisation isn’t keeping your data secure you should raise your concern with them first. If you’re still dissatisfied, you can complain to the ICO. Your personal data should only be used for contact tracing Businesses shouldn’t misuse your personal information. Organisations and their staff members have an obligation to look after your personal information. For example, businesses shouldn’t use your contact details to send you further marketing or sell it on for others to target you. And staff members shouldn’t use your phone number or other contact details to get in touch with you for personal reasons. If you’re worried about how an organisation is handling your personal information, you have the right to raise your concerns. However, if you feel uncomfortable speaking directly to the organisation, the ico can help help. You can call our helpline and our team will be able to advise on what to do, how you can make a complaint to us and what will happen next. You should understand how your personal data will be used Whenever you give an organisation your personal data they should tell you how your information will be used. If you download either the NHS COVID-19 app, the Protect Scotland app or the StopCOVID NI app, it should be clear what personal data is being collected, why it is being collected and how long it will keep this information. Organisations collecting information for contact tracing should be transparent that they are only collecting the information for the purposes of contact tracing. If they want to collect information to send you updates or offers, this should be done separately and should be made clear to you. You have the right to access your personal information You have the right to ask an organisation for copies of the personal information it holds about you. The ico have detailed guidance on how you can ask an organisation for copies of your information. What if I don’t experience this? If you’re unhappy with how an organisation has been looking after your personal information you have the right to raise a concern. We have advice on the steps you can take here.

A change of Guard

by Simon Hunt • 29 October 2021

On Sunday 31st October, many people will be gathering to carve pumpkins (if they haven’t already) and go out trick or treating – weather permitting or course. Sunday also marks another occasion, Elizabeth Denham who is the current Information Commissioner and heads up the ICO, will be stepping aside (after a 3 months extension) to make way for John Edwards, the incoming Commissioner as appointed by the DCMS. Edwards, who was previously New Zealand’s Privacy commissioner, has in the past stated that he will be “fair and impartial in his dealings with tech companies” . However, he has been reported in the past as describing Facebook as “morally bankrupt pathological liars” So what can we expect from our new Commissioner? In an interview with Damien Green MP, he was quoted as saying “These are nation state-sized commercial enterprises” and that it is becoming “increasingly difficult to engage them on the national level”. An insight into his way of thinking can be found in a statement he gave earlier this year regarding the current Commissioner Ms Denham’s’ handling of the ICO’s investigation into leaked CCTV footage that led to Matt Hancock’s demise as Health Secretary. The Sun newspaper published an article which showed him kissing aide Gina Coladangelo in his departmental office, which was in breach of Covid-19 rules. Mr Hancock then later resigned from the Cabinet after CCTV footage was published. “I don’t know how it got to the press, but I think investigating the security of the government facility such as that, and the way in which it is responsible for data it is entrusted with, is an entirely legitimate activity of an Information Commissioner” The ICO had faced earlier criticism over raids that were carried out on 2 homes in the south of England where it seized computer equipment, as it probed the alleged data breach relating to the incident. Edwards did have this to say: "What I really want to do is make privacy easy. And I think I can translate that to the UK. I want to make data protection easy – easy for industry to implement at low cost, easy for consumers to exercise privacy-friendly choices in their marketplace, and easy for people to access remedies when things go wrong." After all the sweets have gone, the candles put out, and the pumpkins have been put onto compost piles (or chopped up and placed in food bins in our case) Mr Edwards will be getting his teeth into his new job, so good to you sir, let's see what the next Commissioner is capable of. What do you think, has Ms Denham done a good enough job? Will Edwards wage war on the big tech giants, or treat them "fairly & impartially?"