Many data privacy advocates have criticized UK plans to replace cookie consent pop-ups with an "opt-out model", which they say will do more harm than good.
In an email exchange with TechRadar Pro, Electronic Frontier Foundation's Jon Callas described the plans as inherently flawed. "A good privacy regime should be about opt-in rather than opt-out," he said. "The responsible thing to do is to ask, to get someone's permission before they put you under surveillance."
Those concerns were echoed by a spokesman for privacy software company Brave, who acknowledged the current system needed reform but warned the new proposals would remove an important safety net. “This can lead users to accept intrusive privacy practices. We believe the proposals are likely to result in more tracking and privacy damage, not less,” they told us.
UK data collection reform
The British Government has announced this week and intends to replace the contextuel barriers of consent with cookies for a new system that, hopefully, improves the experience used to preserve the ability to protect itself against threats to the private life.
Under these new plans, website owners will be able to deploy cookies without asking for express consent from visitors, but only of "non-intrusive" varieties that don't facilitate "microtargeting ads."
Cookie consent banners will be replaced by what the government describes as a "consent opt-out model," in which internet users define their data collection preferences in advance through new "browser-based solutions." ».
“We want to create a framework that empowers citizens through the responsible use of personal data. Our reforms will give people greater clarity about their rights and a clearer idea of how to determine access to and benefit from their own data,” the report explains.
However, the EFF and Brave criticized several facets of the proposal. Callas, for example, does not agree with the characterization of some cookies as necessary and others as not; There should be no useless cookies, she argues, and certainly no cookies deployed without express permission.
“Part of the problem is discussed on the government's own website, [which] has a pop-up window that has an opt-out option for unnecessary cookies. If they are unnecessary, they should not be used,” he said.
"That's why I think it should be optional, rather than opt out... If [cookies] benefit someone other than us, I think you should get our permission first.
Brave, meanwhile, is concerned about the limited scope of the reform, which appears to treat cookies as the exclusive means by which companies collect data about web activity.
“The privacy harm from online tracking is not limited to cookies, so we would like to understand what the government and regulator are proposing, particularly with regard to a browser-based signal,” the company said.
“We would welcome the latter provided there is clear and specific agreement on the default signal configuration and its specific purpose and how it will be enforced by law. We remember the unfortunate failure of the Do Not Track (DNT) signal.
Policymakers find themselves in an unenviable position, caught in a bind by the need to balance Web usability, corporate interests, and consumer rights. However, it would seem that the latest reform proposals raise as many questions as they answer.
LaComparacion Pro has asked the Department of Digital, Culture, Media and Sports (DCMS) for a response to these concerns.
