back to article Cookie consent crumbles under fresh UK data law proposals

The UK government has published its plans for reforming local data protection law which includes removing the requirement for consent for all website cookies – akin to the situation across much of the US. Also notable is the removal of the requirement for a Data Protection Impact Assessment, as well as a new political …

  1. heyrick Silver badge

    Will this current government's blatant corruption ever cease?

    (see above)

    1. Someone Else Silver badge

      Re: Will this current government's blatant corruption ever cease?

      Seems that American-style lobbying by the fatass corporations is alive and well in Blighty. (As an American, I apologize...)

      Wonder what the quid for this quo was?

      Yes, I know that 'quid' is another word for money (the Pound Sterling, IIANM).

      1. fidodogbreath

        Re: Will this current government's blatant corruption ever cease?

        Seems that American-style lobbying by the fatass corporations is alive and well in Blighty.

        The US didn't invent bribery.

        1. anonymous boring coward Silver badge

          Re: Will this current government's blatant corruption ever cease?

          What in "American-style lobbying" implies they invented bribery?

          1. Jedit Silver badge
            Headmaster

            "What in "American-style lobbying" implies they invented bribery?"

            The "American-style" part implies that they're the ones who started doing it that way and other people are copying them. At the very least it gives them undue credit.

        2. teknopaul
          Joke

          Re: Will this current government's blatant corruption ever cease?

          US didn't invent bribery, but they did legalize it.

    2. Andy 73 Silver badge

      Re: Will this current government's blatant corruption ever cease?

      Seriously?

      The current (relentless) cookie pop-ups are not a solution to privacy, and the insistence that small companies have to jump through hoops designed to slow down industry behemoths is an insidious harm to new businesses.

      This is nothing to do with big businesses "getting their way" (they already have), but a much needed admission that the current regime is a deeply flawed piece of petty bureaucracy that achieves next to nothing.

      If you're serious about privacy for the masses (not your personal paranoia), then you shouldn't be advocating for the current idiotic sticking plaster of half baked pop-ups that only serve to obstruct and obfuscate.

      1. Richard 12 Silver badge

        Re: Will this current government's blatant corruption ever cease?

        99% or more of those popups are already illegal.

        The problem is that almost nobody is enforcing the law.

      2. LybsterRoy Silver badge

        Re: Will this current government's blatant corruption ever cease?

        I installed "I Don't Care About Cookies" but Amazon have changed how their's works, and the beeb has an annoying "please sign in" pop over after reading the news site for a while.

        Have about ten thousand extra upvotes

        1. unimaginative

          Re: Will this current government's blatant corruption ever cease?

          I Don't Care About Cookies plus Cookie Autodelete plus blocking third part cookies gives you far more privacy than the cookie law could.

          I used to use Cookie Whitelist but the cookie law made it impractical because I need to allow cookies on most sites so the cookies recording cookie consent (or not) can be set.

          As for GDPR what I would like to see is exemptions for smaller businesses and organisations that have customer data for internal use. Facebook and Google may need strict regulation but a business with a few thousand customers should not need to worry about GDPR, nor should a parish church maintaining a contact list of its congregation. Both real examples.

          1. Anonymous Coward
            Anonymous Coward

            Re: Will this current government's blatant corruption ever cease?

            "As for GDPR what I would like to see is exemptions for smaller businesses and organisations that have customer data for internal use. Facebook and Google may need strict regulation but a business with a few thousand customers should not need to worry about GDPR, nor should a parish church maintaining a contact list of its congregation."

            Wrong. Whilst the impact of a single large organisation may be detrimental to personal privacy the impact of a very large number of small organisations is also likely to be detrimental ("death by a thousand cuts") to an individual.

            Also define "internal use" - I would expect that most "smaller businesses and organisations" are using the likes of Microsoft (Office 365, Azure), Google (Gmail, Google Cloud), Amazon (AWS), etc to provide their IT services, it is unlikely to be solely stored on their own computer(s).

            These "smaller businesses and organisations" are the only entities that can decide what personal data to keep, how long for, etc (their IT providers cannot) and so that is why they are subject to GDPR, they are the Data Controllers of the personal data.

        2. Vometia has insomnia. Again. Silver badge

          Re: Will this current government's blatant corruption ever cease?

          Oh, yeah, I just saw Amazon's latest effort with several pages of "on/off" options which whose implications were unsurprisingly obfuscated.

      3. dht6000

        Re: Will this current government's blatant corruption ever cease?

        But wait til you read about what’s likely to replace cookie pop ups….. https://webdevlaw.uk/2022/06/17/data-reform-bill-cookie-popups/

  2. Ian Johnston Silver badge

    The government plans new laws to remove the need for websites to display cookie banners to UK residents, permitting cookies and similar technologies to be placed on a user's device without explicit consent.

    Good. Max Schrems is a pain in the arse and I curse his name every time I have to click yet another consent-to-cookies button before using a website. Today, everybody, I have been searching for "quick drying varnish".

    1. Anonymous Coward
      Anonymous Coward

      @Ian Johnston

      I cannot upvote you enough.

      And if you ignore the "click to consent" thing, they just dump the cookies and caches on your machine anyway.

      Cheers... Ishy

    2. Woodnag

      consent-to-cookies button

      Don't blame Schrems for consent-to-cookies buttons. They're illegal too. See https://noyb.eu/en

    3. LybsterRoy Silver badge

      Wow - 30 people so far like clicking on "accept all"

    4. imanidiot Silver badge

      You voluntarily click on consent to all? Are you all right?

      If anything there needs to be a mandate to make a "consent to all" button illegal and enforce having a "decline all" button.

      1. Ian Johnston Silver badge

        You voluntarily click on consent to all?

        Yup. Doesn't bother me in the slightest.

    5. John Robson Silver badge
      Joke

      So next week I should advertise quick drying varnish to you? Because you must want it all the time, *and* be happy to switch brands each time...

      1. Ian Johnston Silver badge

        So next week I should advertise quick drying varnish to you?

        If you want to, go right ahead. No skin off my nose, and potentially more interesting to me than something I never use.

        1. teknopaul

          Re: "no skinnoff my nose"

          All those billions made by Google, Amazon and Facebook come out of consumers pockets ultimately, and that almost certainly includes you.

          Even if you don't purchase on t'internet, everyone's bottom lines are affected by how these corps work, and that is passed on to you always.

          Your nose is raw, you've just forgotten the world when it wasn't

    6. hoola Silver badge

      Assumed consent is already there and the absolute worst has been the shift of much of the data-grab and tracking into "legitimate consent".

      The problem is that the Internet and and tool people use to interact with it (the web browser) are all big business, absolutely megabucks of money.

      whatever is planned to improve privacy and reduce tracking is just a game of whack-a-mole because the scummy corporations make so much money from our data.

      Cookie consent has just been one of them. You can reject all cookies except functional but then that list is as long as your arm. Then there is a separate tab for "legitimate interest" that even if you reject all cookies on the first is still enabled.

      Then you have to scroll down 1000 lines to find the "Reject All" button.

      This is just with enlightened users. The average user of a web browser just clicks the most obvious button within milliseconds of of it being presented. And that takes us full circle, for the 99.9% of people using the Internet, anything about cookie choice is irrelevant. Now that is a ridiculous situation to be in but that is exactly what the companies that control and make their money from "The Internet" want.

    7. Anonymous Coward
      Anonymous Coward

      The problem is the popups. You don't solve the problem by getting rid of the law.

      "It's annoying not to be able to use my phone whilst driving.... Let's get rid of the law!"

  3. Richard Tobin

    Straightforward solution

    Websites should not be allowed to set any non-essential cookies without the user opting in, nor should they be allowed to put up blocking banners. If they want more cookies they can just have a link to an opt-in page.

    1. Mike 137 Silver badge

      Re: Straightforward solution

      @Richard Tobin

      Absolutely correct. I long ago proposed an approach whereby only strictly essential cookies would be served by default, and web sites wishing to serve non-essential cookies could only do so if the site visitor consented. That would not require a 'pop up' - just a link somewhere on the page that the user could voluntarily follow should they wish to do so.

      The 'cookie pop up' has in fact been essentially used as a means of coercion into accepting non-essential cookies, as evidenced by the obtrusiveness of most - to the extent of blocking access to content unless selection is made (thereby encouraging thoughtless click-through). Indeed in several cases I have inspected, the non-essential cookie acceptance appeared to be unchecked (which is lawful) with styles enabled, but was shown to be ticked by default with styles turned off (illegal). And in all cases 'cookie consent' was provided by a 3rd party serve - surreptitiously engineered to favour the site host at the expense of the user.

      The legislators never intended for this to be the case

      1. Androgynous Cupboard Silver badge

        Re: Straightforward solution

        Absofuckinglutely spot on.

        Why are my choices "accept everything" or "do something annoying". Why was "accept minimal" not mandated as an option, and why was it not made a default? Advertisers might not be thrilled with the current disaster, but at least they've managed to subvert it to the point where we think that the consent process is the problem.

        1. Anonymous Coward
          Anonymous Coward

          Re: Straightforward solution

          It's happening. Many sites, Google included, are being forced to offer a simple reject choice instead of forcing users to go through multi-click processes to reject tracking cookies.

          Still nobody forced companies to use cookies dialogs, the could have chhose to honor the do not track flag or make cookies opt in in a separate page. They have chosen that way because they wanted to annoy people as much as they can to force them to accept cookie.

          GDPR requires informed consent before tracking. Just as long as you 'work with the industry' instead of setting the required rules to protect citizens' rights, the industry will try to water down any rule as much as they can.

          So you don't 'work with'. You listen to their opinions just like any other party involved, and the decide, even if the industry doesn't like it. There is no fundamental right to easy money exploiting others.

          1. hoola Silver badge

            Re: Straightforward solution

            Whilst that is correct the most obvious button is usually a huge coloured "Accept All" with a tasteful grey "Reject All".

            1. Graham Dawson Silver badge

              Re: Straightforward solution

              Perfect example of a dark pattern, that.

      2. Anonymous Coward
        Anonymous Coward

        Re: Straightforward solution

        "I long ago proposed an approach whereby only strictly essential cookies would be served by default"

        There's no such thing as a strictly essential cookie. None of them are essential.

        Cookies only exist for two reasons: lazy/stupid web developers and marketing scum.

        Any web site that cannot work without cookies is fundamentally broken.

        1. Androgynous Cupboard Silver badge

          Re: Straightforward solution

          Don't be daft. HTTP is stateless - if you want to maintain any sort of state, you need either cookies or session codes in the URL (which don't survive browser crashes, and don't really bring any benefit over a short lived cookie). Without state we lose the ability to log in anywhere. No shopping carts, no web email, even Reg comments. How do you think you logged in to post this as... er, Anonymous Coward? OK, perhaps that's not a great example.

          It's the "bad cookies" I think most of us don't want. Unfortunately they're like bad art, tricky to describe up front but I sure them when I see them.

          1. Anonymous Coward
            Anonymous Coward

            Re: Straightforward solution

            "HTTP is stateless if you want to maintain any sort of state, you need either cookies or session codes in the URL"

            It's true HTTP is stateless. But that's a different thing. Browsers are perfectly able to maintain state - and do that without cookies.

            "Without state we lose the ability to log in anywhere."

            Nope. State is not needed to login - unless it's to a fucked up, badly designed web site.

            "How do you think you logged in to post this"

            By typing the username and password while cookies were disabled. It works just fine.

            1. Richard 12 Silver badge

              Re: Straightforward solution

              Which set a session cookie.

            2. low_resolution_foxxes

              Re: Straightforward solution

              One of the more irritiating things I find is the name "cookies".

              The name is deliberate chosen so that less tech savvy people think they are accepting a sweet treat - and not the actual thing being delivered in most cases.

              Would your average grandma agree to something that said "Accept All Creepy Stalking Software so we can monitor your web browsing habits and sell that information to AOL?".

              It would change the game. Maybe if just a few of us start calling them "Stalkies" the trend will grow.

              1. J.G.Harston Silver badge
                Coat

                Re: Straightforward solution

                Wouldn't Grandma say Don't accept cookies from strange men websites.

                Mine's the one with cute puppies in the pocket. ;)

              2. Mike 137 Silver badge

                Re: Straightforward solution

                "One of the more irritiating things I find is the name "cookies". The name is deliberate chosen so that less tech savvy people think they are accepting a sweet treat"

                But what most people haven't been told is that cookies are not the only tracking mechanisms, but all tracking mechanisms are covered by the legislation (not fundamentally the GDPR but implementations of European Directive 2002/58/EC (in the UK - The Privacy and Electronic Communications Regulations).

                As browsers typically only have (minimal) control over cookies in the literal sense but not over other tracking entities (e.g. javascript widgets), the whole argument about cookie pop-ups has always been fairly devoid of meaning.

                But even if the only issue were with cookies in the literal sense, the fundamental problem with reliance on cookie controls in browsers as HMG are proposing is that the purpose of the cookie (essential for delivery of the service or for some other purpose e.g. tracking) can not be determined by the browser. Only the origin is detectable, and as 'serverless' delivery is increasingly implemented, it's probable that some third party cookies will be essential for delivery of the service, but of course others (maybe the majority) will be for other non-essential purposes. So how is the browser to distinguish between them? It can't, so the proposed change to the legislation will legalise uncontrolled tracking of all and sundry, as site publishers will rapidly work out how to prevent sites being usable unless all cookies are permitted regardless of their purpose.

                If I were cynical, I might suspect that the proposal is intended to achieve this in aid of what was referred to in the 'Digital Regulation: Driving growth and unlocking innovation' consultation (July 2021) as an intent to 'take a deregulatory approach' i.e. to make things easier for the big players to monetise us.

            3. localzuk Silver badge

              Re: Straightforward solution

              How does a browser maintain state without some form of client token to maintain that state?

            4. Anonymous Coward
              Boffin

              Re: Straightforward solution

              So how do you think the browser is telling the server that you are logged in next time you go there? By magic?

              No, it is not by magic: it is by sending a little bit of data which the server looks at and says 'oh, that is that nice coward person again, they have authenticated themselves with me, I need not ask them again'. You can call this little piece of data and elephant, or a fish if you like, but what it is is state.

          2. RobLang

            Re: Straightforward solution

            No longer the case; most browsers have local storage, which can hold state but are not cookies because they cannot be shared to 3rd parties. You can pass authentication as a bearer token in headers without the need for cookies.

            1. Androgynous Cupboard Silver badge

              Re: Straightforward solution

              Yes, you can use HTTP headers and you can also pass encoding session info in the URL - I made that point in my original post. But close (or crash) your browser and reopen and URL encoded state, or Authentication header state is gone. As for localStorage, they're worse than cookies - third party scripts running on your page (eg ads, social media links) have access to it. Cookies are the correct tool for this job, and remain useful when not abused by third parties.

        2. Jon 37

          Re: Straightforward solution

          If you have a web site that requires a log in, or a shopping site with a shopping cart feature, then cookies are a reasonable solution.

          And by logging in, or adding something to a shopping cart, you should be consenting to cookies for those purposes.

          But most sites shouldn't need cookies.

        3. Warm Braw

          Re: Straightforward solution

          Any web site that cannot work without cookies is fundamentally broken

          If you have a website that uses some combination of identification, authentication and authorisation, you need somewhere to store the token(s) that represent your present authentication status and level of access. You can of course encode that in a URL, but it makes bookmarking a bit of a pain and it simply turns your browsing history into a cookie jar by another name.

          The real issue is with cookies belonging to a domain other than the page origin and, whereas it might be attractive to block them completely, as long as you accept the need for websites to have multiple IP addresses (load balancing, redundancy, CDNs...) there will always be DNS games you can play to at least partially circumvent the block.

          1. Anonymous Coward
            Anonymous Coward

            Re: Straightforward solution

            If you have a website that uses some combination of identification, authentication and authorisation, you need somewhere to store the token(s) that represent your present authentication status and level of access.

            That may well be the case. This doesn't mean that somewhere must be a cookie. It often is because web developers are so lazy or stupid, they see any sort of identification, authentication and authorisation issue as a cookie-shaped nail that can only be hit with a cookie-shaped hammer. Instead of actually thinking about the problem that needs solving, they just reach for the cookie jar.

            1. Warm Braw

              Re: Straightforward solution

              This doesn't mean that somewhere must be a cookie

              Cookies are just local state. They are the only local state that all browsers offer, so I'm not sure where else a web developer, regardless of talent or work ethic, might think to store this data. You can easily turn off the persistent storage of local state in your browser and that should perhaps be the default, but that's not within the control of the web developer.

              Any other local state would have exactly the same issues - you don't solve the problem by changing its name.

              1. Anonymous Coward
                Anonymous Coward

                Re: Straightforward solution

                "Cookies are just local state. They are the only local state that all browsers offer"

                There's also "local storage":

                https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage

                1. localzuk Silver badge

                  Re: Straightforward solution

                  A rose by any other name...

                2. Anonymous Coward
                  Anonymous Coward

                  Re: Straightforward solution

                  The whole cookies law wasn't really about *cookies*, it was about controlling whether sites could store data on your machine - and with Local Storage they can definitely do that! It can be used to the same effect.

            2. anonymous boring coward Silver badge

              Re: Straightforward solution

              I wouldn't call people stupid when I clearly haven't grasped how things work myself. Just a little tip for you.

        4. Paul 195
          Facepalm

          Re: Straightforward solution

          "Any web site that cannot work without cookies is fundamentally broken."

          Am I right in thinking you've never developed any website that needs to maintain session information? Which these days tends to be *most of them*. However, most of the time you shouldn't need to serve the user more than one cookie for that (although it starts to get more complicated when the friendly page you serve your user is pulling content from several different places).

      3. DJO Silver badge

        Re: Straightforward solution

        I wouldn't mind so much if once I've said "no to all cookies" that was it but it never is, every month or so (and El Reg is not an exception) up comes the stupid pop-up I suppose just in case I've changed my mind.

        I wonder if you select "yes to all cookies" do you still get the cookie message at the same interval or are they deliberately making it as irritating as possible for those who opt out?

        1. LybsterRoy Silver badge

          Re: Straightforward solution

          When I exit my browser it zaps cookies. I can't ask it to remember things (eg logins) when I then tell it to forget things.

          People (lazy sods that they are) want the computer to do the work for them. Most don't care about cookies, don't care about their web activity being tracked, and see the popups asking "will you accept cookies" as an annoyance.

          What you, and a lot of the others on this forum seem to want is "remember things that make it easier for me and forget the rest" but the problem comes from the fact that the computer has to remember what to forget - woops.

          1. low_resolution_foxxes

            Re: Straightforward solution

            You can set certain websites to maintain the cookies.

            I tend to use Firefox with auto-delete when I want full privacy. If I need to login to Amazon or something to do something logged in, I will simply swap to Chrome for five minutes.

            1. John Robson Silver badge

              Re: Straightforward solution

              But I only need the login cookie for site x, not all the other crap they want to store.

            2. nobody who matters

              Re: Straightforward solution

              ".....I tend to use Firefox with auto-delete when I want full privacy. If I want to freely give my private data away without restriction, I will simply swap to Chrome for five minutes...."

              FTFY ;)

    2. Joe Drunk

      Re: Straightforward solution

      Websites should not be allowed to set any non-essential cookies without the user opting in

      They shouldn't but they do because you're just another revenue stream. Straightorward solution? Block all cookies, not just third party. You don't need them unless you're logging on to a website. Mozilla warns me that disabling all cookies will break websites but that's a load of BS - websites all work fine unless you need to log on. I cheerfully click 'Accept All Cookies' on websites that prompt me then check browser cookies - empty.

      https://addons.mozilla.org/en-US/firefox/addon/cookiesnew/

      This Mozilla browser extension toggles acceptance/blockage of all cookies. I enable cookies to login/shop/bank then remove them but otherwise all cookies are blocked.

      No one cares about your privacy except you.

    3. NerryTutkins

      Re: Straightforward solution

      Much as I agree, I think the whole cookie popup thing is a disaster. It should never have been that each individual site is responsible for deciding the wording and interface for opting in and out of cookies, and writing all the code to manage it.

      Instead, there should be clearly designated types of cookies (essential, third party, tracking, etc.) as web standards, each site then only need designate when creating a cookie what type it is. The interface to opt in or out, or select what to do with each type of cookie would be built into the browser itself.

      Of course this would only apply to browsers created going forward, but at least users would get a consistent interface regardless of site, because lets face it, it's a shit show now where every site you visit gives you options in different parts of the screen, in different colours and fonts, with different wording and options.

      Furthermore, it makes far more sense to push the workload for implementing this to browser makers, of which there are very few, than instead expecting every web site on the internet to create their own custom code to manage this, or have to install some plugin or other code. This way, each site only needs to add an attribute to each cookie designating what type it is, and the browser takes care of presenting the choice to the user and accepting/rejecting cookies.

      1. Richard 12 Silver badge

        Re: Straightforward solution

        That is basically what Do Not Track said.

        However, websites decided to be evil and igbore it - and they didn't even set the evil bit!

        That's why the force of law against said webmasters is required. Sadly, nearly all of them break the law.

        1. Dan 55 Silver badge

          Re: Straightforward solution

          There was also P3P which was ignored as well.

          I'm beginning to see a pattern.

      2. 0x80004005
        Big Brother

        Re: Straightforward solution

        A big part of the problem is that the average ordinary Joe doesn't understand what the implications of accepting or rejecting these different "flavours" of cookie will be.

        And, to avoid being patronising here, they shouldn't have to.

        When you plug your toaster into the socket, you don't need to check a box to confirm that there is 240V AC 50Hz in the wires; and if you didn't specifically opt out you'll get 100000V on the line.

        We in IT are still in the wild west era, like electricity was 100+ years ago. We need to develop our own equivalents to fuses, circuit breakers and overload protection, so anyone can use the internet without a "shock".

        But when all the incentives point in the other way, so having live wires poking out everywhere means you make a shed load more money, it's going to be a long time before we get there.

        1. LybsterRoy Silver badge

          Re: Straightforward solution

          -- A big part of the problem is that the average ordinary Joe doesn't understand what the implications of accepting or rejecting these different "flavours" of cookie will be. --

          Fully agree - neither do I and I've never seen any one of these security and privacy spell it out in terms that might be understandable. Ooooo they'll collect your browsing data and monetize it - yeah what does that ACTUALLY mean to me - does it put up the cost of a loaf of bread or what?

        2. Ian Johnston Silver badge

          Re: Straightforward solution

          A big part of the problem is that the average ordinary Joe doesn't understand what the implications of accepting or rejecting these different "flavours" of cookie will be.

          Or perhaps those "implications" aren't nearly as awful as the tin-hatted brigade would like us all to think.

      3. LybsterRoy Silver badge

        Re: Straightforward solution

        Over the years one of the worst things I've encountered is techies proposing techie solutions with not a thought in their heads about what the poor long suffering user wants.

    4. Falmari Silver badge
      Mushroom

      Re: Straightforward solution

      @Richard Tobin “Websites should not be allowed to set any non-essential cookies without the user opting in, nor should they be allowed to put up blocking banners. If they want more cookies they can just have a link to an opt-in page.without the user opting in, nor should they be allowed to put up blocking banners. If they want more cookies they can just have a link to an opt-in page.”

      The solution is more straightforward than that. Websites should not be allowed to set any non-essential cookies. The end, no opt-in option, no asking for consent. Consent cannot be given because:-

      a) The person giving consent may not be able to give informed consent e.g. a child.

      b) The person giving consent can only give consent for themselves not for others that may use the device. How can the websites know that the person using the device 10 mins later is the same person that gave consent?

  4. VoiceOfTruth Silver badge

    The UK

    is a nation of docile serfs. They will eat any amount of shit their overloads deign to feed them. Doff your caps, you peasants.

    1. ITMA Silver badge
      Devil

      Re: The UK

      Admit it - you are a cat aren't you....

      My feline overlord expresses similar views....

    2. Jimmy2Cows Silver badge

      Re: The UK

      You're always a ray of sunshine, aren't you.

      Show us another - any other - nation that, in the majority of its population, is any different or has any real ability to make any difference whatsoever. Any nation that is not prone to political self-indulgence. Any nation whose populace is immediately able to challenge, affect and indeed override any decision made by their government.

      And no, protest don't usually make a difference. Governments that allow them by and large acknowledge then ignore them.

      1. seldom

        Re: The UK

        Switzerland

  5. Mike 137 Silver badge

    Britain leading again (?!!)

    "they are derailing the core purpose of data protection which is to protect rights and freedoms" Rowenna Fielding

    I (probably among others) hugely stressed this possibility in my response to the public consultation. The result is protection of data only, not protection of persons in respect of the processing of their data, so the entire original intent of the legislation as currently enacted is rendered void. Those to curb whom the legislation was conceived will be laughing all the way to the bank, and there will probably be plum jobs waiting at the data slurpers for ex-ministers to take up when they leave government office.

    Sadly, as other countries continue to model their data protection legislation on the GDPR as the best of kind so far, the UK appears to have decided to abandon it and throw human rights to the wind.

    1. Anonymous Coward
      Anonymous Coward

      Re: Britain leading again (?!!)

      @Mike 337

      I was with you until your last paragraph. Your last paragraph is a load of biased bollocks. Which makes me think you are clueless.

      Cheers... Ishy

      1. Hubert Cumberdale

        Re: Britain leading again (?!!)

        It looks a bit like you might be on your own there.

    2. RobLang

      Re: Britain leading again (?!!)

      Agree with this. GDPR is far from perfect and the cookie banners are annoying but the processing part and its impact on rights is the bigger issue.

      The decisions that are made by the algorithms based on the data collected is the real problem. Not thinking of today but tomorrow when insurance companies profile you based on your browsing habits and adjust your premium automatically or the private hospital provider automatically refusing to engage you as a client because of your profile. They can't do it now because of GDPR, they can if the processing requirements are slackened.

  6. Anonymous Coward
    Anonymous Coward

    "The government will work with the industry"

    Should be read "the government will bow to the industry"....

    1. Anonymous Coward
      Anonymous Coward

      Re: "The government will work with the industry"

      @LDS

      All governments everywhere bow to taxes that hopefully may get paid someday,, soz I mean't to say industry. It's just that some governments are more blatant about doing so than others.

      Cheers... Ishy

      1. heyrick Silver badge

        Re: "The government will work with the industry"

        In other news, big business continually avoid paying taxes by the use of offshoring and highly creative accounting...

        It's unlikely to be taxes, and rather more likely to be a more direct route between cash-strapped corp and politician's wallet.

  7. Doctor Trousers

    I fully agree with cookie consent requirements in principle, I don't believe the requirements should be lifted.

    In practice, unfortunately, most people have no idea what they are consenting to, and it has just put people in the habit of blindly clicking 'Accept' on anything that pops up on a website, which means they also blindly give consent to websites to bombard them with pop-up notifications, which leads to me getting phone calls from people who think they have "a virus or something"

    1. elsergiovolador Silver badge

      That's exactly what cookie consent is for, to legitimise the data collected by corporations.

      Before the cookie law it was a gray area, now it enables them to openly sell data as the subjects have consented.

    2. John Brown (no body) Silver badge
      Windows

      "I fully agree with cookie consent requirements in principle, I don't believe the requirements should be lifted."

      It seems to me that lifting the requirements will incur costs to the website because they have to spend time either stripping out the code, or re-coding so UK visitors no longer see the consent pop-ups that the EU will continue to see. Leaving things as they are ought to be cheaper since that money has already been spent implementing the cookie consent pop-ups.

  8. Doctor Syntax Silver badge

    Give sites the option of consent or do not track with a mandatory fine 1% of global turnover for every user tracked.

    1. Richard 12 Silver badge

      Seems a bit steep

      1% of the CEO's total post-tax compensation in the previous tax year, paid by the CEO.

  9. Dan 55 Silver badge
    Alert

    No thanks, EU! Hated rules SCRAPPED as UK to end 'pointless' web cookies in Brexit bonfire *

    Lots of comments about cookie banners but we really should be more interested in not being able to challenge automated decision making and the other stuff they've buried in this bill.

    Friends don't let friends be Express readers.

    * Actual Express headline.

  10. Anonymous Coward
    Anonymous Coward

    And for EU visitors ?

    Presumably UK sites will still need to comply for their visits. ?

    1. Ken Hagan Gold badge

      Re: And for EU visitors ?

      Not necessarily. A fair number of US sites dealt with GDPR by blocking EU visitors.

      1. JimmyPage Silver badge

        Re: And for EU visitors ?

        not great for trade then ...

        1. Androgynous Cupboard Silver badge

          Re: And for EU visitors ?

          We don't care about bleeding trade! This is Britain! We won World War 2 single handed and have made literally no strategic errors thanks to 900 years of unbroken conservative government. Trade is a type of cooperation, and cooperation is for girly swots. Onwards to victory! Crush the saboteurs! Send em back! Hanging's too good for them! Wait what was the question again?

        2. codejunky Silver badge

          Re: And for EU visitors ?

          @JimmyPage

          "not great for trade then ..."

          Not sure if your referring to the EU cutting itself off through imposition of the regs or the US companies not considering the EU regs worth complying with.

          In the end the usual trade situation occurs where people targeting foreign visitors will meet the requirements of that foreign country, otherwise it aint worth doing.

  11. Anonymous Coward
    Anonymous Coward

    People who bleat about "rights" forget that you ONLY have the "rights" society chooses to grant, and society can change its mind at any time. There is no such thing as a "natural" or "inherent" right that you are truly guaranteed.

    Anyone who thinks otherwise need only consider their so-called right to "freedom" and what happens to it when they get locked up for committing a crime.

    1. Anonymous Coward
      Anonymous Coward

      The world would be a much better place if people stopped banging on about "rights" and looked at the issues from the other direction, as "duties". For example, instead of saying a certain category of people have a right to something which helps them, we should say that people not in that category have a duty to ensure that the others get help.

      Sadly "duty" is seen as an archaic concept, after years of Labour politicians telling us that only "rights" matter. :-(

      1. John Brown (no body) Silver badge

        As someone so eloquently put in another comment on a different article, "rights" come with "responsibilities". Something many "rights warriors" conveniently forget while shrilly screaming about the rights that matter to "them" while showing little regard for others rights.

  12. fidodogbreath

    The War on Cookies is a good example of "be careful what you wish for," though. With cookies now easily defeated by the average consumer, adtech is moving their tracking to server-side where it's much harder to detect and block.

    1. Long John Silver
      Pirate

      Please clarify

      I followed the link you provided and found a reasonably clear description of how the marketing industry keeps tabs on potential customers.

      Please explain why server-side activity is harder to keep in check than client-side? In order for information to be processed and stored on the server it first must be allowed free passage from the client. Cannot that passage be blocked in similar manner to inward intrusions such as scripts?

      1. J.G.Harston Silver badge

        Re: Please clarify

        Isn't the "free progress of data from client to server" the URL? Without which you cannot fetch anything from the server in the first place.

  13. Long John Silver
    Pirate

    Intrusions are avoidable - teach people how to deny access

    I suppose everybody commenting here already implements one or more of the free to use 'apps' and browser add-ons available for blocking intrusions from 'commerce' on their personal devices. For some years I have managed a cookie-restricted, free from pop-ups, and 'ad-free' existence. For most interactions with the Internet little more than basic configuration of these protective utilities suffices. Sometimes, when sites by default push a large number of ancillary connections it is desirable by trial and error to identify which can be blocked e.g. script injecting sites.

    Perhaps, the generality of mankind deploys at most limited scope tools bundled with the MS Windows Home Edition and some may buy programs and suites offered on the Windows 'Market Place'. Because recent Windows Home incarnations have become marketing and entertainment places, ordinary users have limited control, but still can use the free tools alluded to above. Maybe some proportion of these users enjoy garish 'ads', 'pop-ups', tailored 'ads', and notifications; I doubt the Windows user interface would be so 'busy' were not that the case.

    Nevertheless, many users of Windows and Android devices are unaware of the power they have to curtail intrusions. Legal restriction on cookies etc. are almost irrelevant when a device is properly configured; the only truly annoying feature for which seemingly there is no workaround yet is the the permission seeking overlay which can deny access unless acknowledged.

    Almost universally in Internet connected schools across the globe Windows devices are used some of the time as teaching aids. Pupils generally have Windows PCs and laptops for home use and Android phones are ubiquitous in the West. Presumably all pupils are exposed to some general teaching about computer technology and IT; that is the point at which protection against commercial intrusion can be introduced. So far as I know, schoolteachers in the UK retain some flexibility concerning how a syllabus is approached. Should not teachers with IT knowledge accept as professional responsibility need to acquaint pupils with how to curb commercial intrusion? This particularly in context of Windows and Android devices. Given Microsoft's cleverly concocted dominance of educational computer use in schools and colleges, it may be too much to ask for pupils to be introduced to operating systems (primarily Linux variants) not inherently designed to service commercial marketing.

  14. mark l 2 Silver badge

    I doubt it is going to make much difference to the number of cookie consent banners you are going to see on a daily basis, sure UK websites that only server UK users can get rid of them. But if you have EU visitors then you are still obliged for them to consent to the cookies you want to use them.

    So i expect most websites will still keep them to err on the side of caution. After all many US websites have them and their is no legal requirement in the US for cookie consent banners, and that is a much larger user base than little old Britain and our 'taking back control'.

    1. nobody who matters

      Many US websites have them. I may be wrong, but I am pretty sure they only pop up when they detect an IP address which resolves to an EU geographic location.

      The same would apply to the UK if this change goes through - cookie consent banners will be automatically displayed to visitors to a UK website whose IP address is within the EU, but not to those located elsewhere (including those located in the UK).

  15. Tron Silver badge

    Weaponising privacy.

    Privacy law is one of the best weapons governments have to build walls on the net and fence off their turf in a deglobalised internet. If you don't comply with a nation's privacy laws, the state will block your site. At a stroke, the internet for UK surfers ends at Dover, aside from the huge, mainstream sites.

    That said, I would vote for anything that means I don't have to keep clicking 'Agree' on every damned website I go to. It is a pointless waste of time.

    1. Jimmy2Cows Silver badge
      WTF?

      Re: Weaponising privacy.

      You voluntarily click "Agree" on all cookie popups? Thought people here knew better.

      1. Ian Johnston Silver badge

        Re: Weaponising privacy.

        What actual, quantifiable, not-just-boogie-boogie-privacy harm could it do me?

  16. Anonymous Coward
    Anonymous Coward

    "bleaterr Cunch, counsel in law firm blinkhaters' global data team, said: "The reform of murder laws is also long overdue given the widespread annoyance caused by not being able to kill assholes."

  17. Anonymous Coward
    Anonymous Coward

    More Misdirection...........................

    Cookies ARE NOT THE PROBLEM!

    Take a look at various organisations which are aggregating personal information for profit:

    - Palantir (about to aggregate ALL medical records in the UK)

    - Acxiom

    - ClearViewAI

    ....not to mention the more obvious candidates (Google, FB, GCHQ, NSA.........)

    Cookies......don't make me laugh!!!!

    1. pdebarra

      Re: More Misdirection...........................

      Agreed. Cookies are just a distraction. What's more alarming is the proposal that the government have greater control over the ICO. The ICO and other supervisory authorities should be able to hold governments to account. They're supposed to work for the citizenry as a whole, not for governments.

    2. Anonymous Coward
      Anonymous Coward

      Re: More Misdirection...........................

      You forgot to mention a competitor for Palantir - UnitedHealth Group:

      - https://www.theregister.com/2022/06/20/us_lawsuit_alleges_meta_tool/

  18. Anonymous Coward
    Anonymous Coward

    In the torrie uk

    You only have rights it you are a £ or own lots of them.

    1. Jimmy2Cows Silver badge
      Headmaster

      Re: In the torrie uk

      Tory.

      Tories.

      Tory's.

      It's really not that hard.

  19. bsdnazz

    I guess the UK replacements/removals for GDPR and cookie consent are another way to make UK e-commerce sites less popular to EU consumers.

  20. Reality_Cheque

    Cookies - Yes, more options, see options, maybe, but never 'no'

    The primary user annoyance with cookies is the inability to simply click 'no'. You can have 'yes', or 'more options', but I'm pretty sure that's not how it was supposed to work.

    1. pdebarra

      Re: Cookies - Yes, more options, see options, maybe, but never 'no'

      You do see banners with a "Reject all" button. That's supposed to accept only the essential cookies. It should be the other way around, though. Put a little link at the bottom of the page to show the cookie preference centre, so that people really are making a choice to accept them.

      Of course, a large number of sites that do have a "Reject all" button still aren't compliant, as it's only a dummy.

  21. Boolian

    Reject all

    It's the new Anarchy.

    I do like GDPR cookie popups, not that I believe it makes a bit of difference if I do choose to 'Reject all' - a bit like voting.

    It's the 'Partner' data slurpers I like to see - many run to 300+ That tells me all I need to know about the ethos of the site. 'Spartan sites' I call them, ironically, but no-one laughs..

    Of course. vanishingly few are going to manually run down switching off 300+ 'partner' cookies & trackers; but It's a good way to decide to reject all that site offers and never return.

    The lovely caveat to 'Reject all' is 'Except necessary', but that's not user defined; so whither cookies when the 300+ have been deemed necessary... just like voting, or policy proposals..

    U-Blok-All : install and run on your nearest Government department today.

    1. Anonymous Coward
      Anonymous Coward

      Re: Reject all

      "I do like GDPR cookie popups"

      The "cookie popups" come from the Privacy & Electronic Communications Regulations (PECR), rather than GDPR :)

  22. Anonymous Coward
    Anonymous Coward

    Lemme see

    A few people who give a shit about cookies get upset about having to click to reject cookies so the UK tears up data protection laws, seems perfectly reasonable.

  23. Tubz Silver badge

    I totally agree with UKGOV that cookie consent banners should be removed and replaced by default opt-out, a website can provide a link to page the describes what each cookie does and who will receive the data and that explicit consent has to be given. Simple, clear and rules that only a lawyer can understand.

    1. RobLang

      It's default opt-in.

  24. David Lawton

    Good

    I despise with extreme hate those cookie consent pop-ups. They were not a thing until the EU poked its nose in (again) where it does not belong.

  25. Spanners Silver badge
    Flame

    This is not reforming

    reforming local data protection law

    In case I was mis-remembering what "reform" means. I looked it up.

    Dictionary.com puts it simply at https://www.dictionary.com/browse/reform

    Reform means the precise opposite of what the government does every time it talks about "reforms".

    As normal, this is specifically intended to make the system less effective.

  26. Ian Johnston Silver badge

    Data Protection Impact Assessment? It's a pretty safe bet that anything ending "... Impact Assessment" is a pointless piece of make-work for consultants, and not terribly bright consultants at that.

    1. Snowy Silver badge
      Joke

      What is Impact Assessment?

      Follow this three step program.

      Step one

      Hit it with a hammer! Did this break it? yes your done! no continue to step two

      Step two

      Hit it harder! Did this break it? yes your done! no continue to step three

      Step three

      Get a bigger hammer and repeat from step one.

  27. Persona Silver badge

    Review of risk

    I accept all cookies either with a plugin or manually where it doesn't work. It doesn't seem to be doing me any harm, so why are folks commenting on this forum so worried about cookies? Are there really virtual criminals using the information from cookies to data-mine browsing history, and if so should I care?

    1. Snowy Silver badge
      Boffin

      Re: Review of risk

      Depends on how happy you are for all your browser history to be collected and then sold.

      1. Persona Silver badge

        Re: Review of risk

        So the next review of risk questions ...... Are there buyers? How much would they get for it? How could they monetize it? Would it have any detrimental consequences for me? Why haven't I noticed them in the 28 years I have been using web browsers and not worried by cookies.

    2. nobody who matters

      Re: Review of risk

      Do some people really not understand the implications of all your personal data being held in a database on somebody elses server:- web visits, types of site you look at, things you buy, things you comment on and quite likely harvesting of personal details from your device relating to addresses, bank accounts, contacts, and quite likely passwords too (those doing the harvesting don't tell anyone openly exactly what they are harvesting and how they are storing it.). The build a profile which clearly identifies you and singles you out as an individual.

      They will claim it is 'anonymised', but this is claptrap - one of the main uses of this data is to feed supposedly relevant adverts at you, so it is quite blatantly obvious that it isn't anonymised; it points directly at you via identifying cookies, your IP address or identifying the profile of your device (formed from all the data you have allowed them to take).

      The risk is when other organisations (other than just a slingers) may start buying this data and using the profiles constructed from it to determine whether they provide you with (for example) insurance or healthcare.

      Then there is the risk that at some stage some miscreant finds a way to hack into the database of all this information and finds sufficient specific data to steal your identity. If you think this is trivial, I suggest researching the experiences of those who have had a brush with identity theft (and consider how you get it back when all the usual markers that prove who you are now point at somebody else).

      Sounds far-fetched perhaps?, but is nonetheless perfectly possible - do you know who all the entities draining your data from your device are? Do you know exactly what data they are mining from you? Do you know their data security arrrangements for keeping your data safe and secure? Do you know what other entities or individuals they are selling your personal information on to (or for what purpose)?

      The internet is not a nice, warm, friendly social club. It is more akin to the type of public house you might come across in some of the less salubrious areas of inner cities, which you would not feel safe entering unless you were already known and accepted by the locals (and in all probability would not feel safe entering even if you WERE already known and accepted by the locals).

  28. Ish148

    Tories gonna Tory

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like