ICO under fire over plans to urge G7 to tackle cookie pop-ups

The UK's Information Commissioner Elizabeth Denham is set to ask data regulators from G7 countries to join forces against online cookie pop-ups.

Denham will meet with her counterparts on Tuesday, with each country set to raise a technology problem they believe can be solved with close collaboration. However, privacy experts feel the ICO could be doing more to tackle the cookie problem itself.

Cookie pop-ups are seen as an annoying obstacle by most internet users, but privacy advocates and regulators feel there is something more nefarious about them. They suggest they can be used to 'trick' users into accepting privacy invasions rather than reading through a long list of settings for each website they visit.

"There are nearly two billion websites out there taking account of the world's privacy preferences," Denham said. "No single country can tackle this issue alone. That is why I am calling on my G7 colleagues to use our convening power. Together we can engage with technology firms and standards organisations to develop a coordinated approach to this challenge."

The ICO added that it envisions a future where web browsers, applications and device settings allow people to set lasting privacy preferences of their choosing, "rather than having to do that through pop-ups every time they visit a website."

The call to tackle cookie pop-ups has backing from many in the tech industry, but there are questions being asked of the ICO and the UK government about its own enforcement of the "unlawful" data collection practices of cookie banners.

Johnny Ryan, the chief policy officer for the privacy-focused browser Brave, suggested the ICO's plan was "daft" because the government could have fixed the cookie problem "before Brexit". He has previously pointed out that it is already illegal under GDPR and that the ICO just needs to do more enforcing itself.

Jim Killock, the executive director of the Open Rights Group, also suggested the ICO should be doing more. He said that Denham's own reports have stated that most cookie banners and the data collection behind them are unlawful.

"If the ICO wants to sort out cookie banners then it should follow its own conclusions and enforce the law," Killock said. "We have waited for over two years now for the ICO to deal with this, and now they are asking the G7 to do their job for them. That is simply outrageous. We fully support their call for automated signals, but in the meantime they should enforce the law, which is their job."