Privacy campaign group warns against government’s proposals to move to an ‘opt-out’ model
Proposals to scrap pop-up cookie consent boxes on websites will make it easier to spy on web users, a privacy campaign group has warned.
Cookie banners are a common feature for web users, who are asked to give their consent for websites as well as marketing and advertising businesses to gather information about their browsing activity. Ministers announced proposals on Friday to move to an “opt-out” model for cookie consent.
“In the future, the government intends to move to an opt-out model of consent for cookies placed by websites,” said the Department for Digital, Culture, Media and Sport (DCMS). “This would mean cookies could be set without seeking consent, but the website must give the web user clear information about how to opt out.”
Open Rights Group (ORG), which campaigns for privacy and free speech online, said the proposal would make spying on people’s activities the “default option”.
“Cookies are used to link activities across websites and build detailed and intrusive profiles of what you do, read and watch online,” said Mariano delli Santi, legal and policy officer at ORG. “The UK government propose to make online spying the default option … Cookie banners are annoying, but there are good reasons someone should ask your permission before building detailed dossiers about you.”
The cookie changes will be part of the digital reform bill announced in the Queen’s speech last month. The bill also proposes raising the potential fine for rogue cold callers from the current maximum of £500,000 to £17.5m, as well as changing the governance structure of the UK’s independent data watchdog.
The DCMS added in a government response to a consultation on the reform bill that in the short term it will allow cookies to be placed on a user’s device without explicit consent, for a “small number of other non-intrusive purposes”. However, the DCMS said it had noted respondents’ concerns about privacy and control over their personal data. It added that the opt-out approach would only be adopted once the right technological and browser-based solutions become widely available.
A cookie is a text file that a website drops into a person’s browser. So-called first party cookies record basic information about the visit, such as whether the user has logged on to a specific site before, which can allow websites to save usernames and passwords.
Third party cookies allow commercial entities, such as marketing and advertising businesses, to store information including browsing history and location. Third party cookies, through agreements with multiple publishers and websites, are able to create a profile of individual users and serve targeted adverts across multiple websites. However, they are being phased out. Apple and Mozilla have blocked third party cookies on their Safari and Firefox browsers and Google is doing the same on Chrome by 2023.
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.