We have all heard the Government spokesperson and ministers saying that they are going to get rid of the annoying, pointless cookie banners that keep asking people to consent to allow cookies.
This is a great idea and will move the data privacy rights of individuals back into the last century.
As annoying as they are, the banner is there for a very good reason, to protect your data rights and to stop organisations from using your data in any way they see fit.
People will soon be jumping up and down when they get bombarded with emails advertising all sorts of useless items or items based on a search term put into the search engine used, or even worse listened to by “Alexa” sitting in the corner of your lounge.
What are the Government proposing?
- To remove the consent requirement for analytical cookies and similar technologies (governed by Regulation 6 of PECR); similarly, treat them as “strictly necessary cookies”
What this means is any cookie, pixel or any other tracking technology used by website owners to gather analytical data on how you have interacted with the website as an “essential” cookie.
In other words, no consent is required from you at all to load this onto whatever device you are using and collect data.
Currently, a website user must give consent for these cookies to be loaded onto their devices and for this data to be collected.
The reason for this is that the data collected contains personal data, like IP addresses and can contain GPS data of your location. In all fairness, some of the analytical cookies do not collect personal data but get categorised as such.
The data can also contain, what pages you looked at, how long you spent on the page, why you clicked on, what links you used anything you have done on the website.
Along with that, it will gather your IP address, your location, your device type, the operating system used, if you have been to the website before, if you have purchased anything on the site before and the search terms used to find the site.
This is all valuable information to the site owners and helps to improve the position of the site on the Google pages and other search engines.
Website owners optimise their sites based on search terms used by individuals and these search terms are gathered by using cookies.
- To remove the consent requirements in Regulation ^ of PECR for a broader range of circumstances where the controller can demonstrate a legitimate interest in processing data.
This is all about the controller (website owner) doing an assessment and balancing your rights and freedoms against what it is they want to achieve.
So they will decide on what cookies to place in a category, removing the necessity of collecting consent to use them and relying on a legitimate interest to load them on your device.
- To remove the consent requirements in Regulation 6 of PECR when controllers are using cookies or similar technologies in compliance with an ICO-approved sector code or regulatory guidance
I have no idea what that means because no ICO sector codes or guidance allow for the removal of consent when using cookies.
That is yet. I can imagine a lot of codes and guidance notes coming out that will eventually remove the requirement for collecting consent for the use of any cookie or tracking technology on websites.
This will totally remove an individual’s rights to consent to their data being used, although they will still have the right to object or block cookies in another way.
- The final one, I have left till last on purpose. To remove the requirement for prior consent for all types of cookies (governed by Regulation 6 of PECR)
That’s it, no consent, just load all cookies on an individual’s device and collect all the data they want. We are back in the 90’s!
What about the rest of the world?
Has the UK government forgotten that beyond their borders there are other countries with Regulations like the ePrivacy Regulation that control the use of cookies?
All these changes are great for companies who are not multi-jurisdictional and only deal within the UK border.
Once a website owner attempts to target EU residents with their product, they will have to comply with the ePrivacy Regulation and gather prior consent for cookies that are non-essential to the functionality of the website.
Nearly every other country that has adopted a data protection law has some form of regulation controlling the use of Cookies and other tracking technologies.
The UK does this bold move has just confused matters and made it more difficult for organisations with a multi-jurisdictional presence.
How will the government proceed?
The last point about removing consent of all types of cookies, the government has said this will only be achievable when there is a technology widely available to help users manage their online preferences.
That implies that there is no method of achieving what the government has said it plans to do. Umm, I think this is where CookieScan comes in.
How can CookieScan achieve this goal
CookieScan™ is already doing this on a smaller scale. With the geo-location feature built into CookieScan, it recognises the country the website is being viewed in and applies the country’s cookie requirements to the website.
The user is presented with a relevant banner informing them about the cookies and collects consent is required to do so or loads the cookies without consent if consent is not required by that country.
The example I can give is Jersey and Guernsey in the Channel Islands. Guernsey has adopted the requirements under PECR to collect prior consent for cookies and other tracking technologies before they are loaded onto a website user’s device, whereas Jersey has not.
Jersey still assumes consent to cookies with continued use of the site.
The government has not made it clear if there will still be a requirement to inform website users of the presence of cookies, what ones are on the site, what they do and how long they will remain active or are they just being loaded on without any information.
I would like to think the latter is not the case, otherwise, we will totally lose control of what is happening to our data and what is being collected.
At least by knowing what cookies are being loaded, you still have an option to use the browser settings to block cookies from your own device.
CookieScan™ can easily achieve the goals the UK government have set and still allow website owners to comply with the rest of the world’s cookie requirements.
So, if the government is serious about doing this, CookieScan can do it for them.