CRUMBS
Tim Turner
Practical ??+ theatrical ?? UK GDPR & FOI trainer & consultant. Not GDPR certified (no-one is). Available for hire online or in-person. Will supply own props.
Even though I (reluctantly) did a webinar on Friday, and I believe that most websites' use of them is unlawful, I don't care that much about cookies. I think the risks of cookies are significantly lower than many other issues, and I don't think the ICO should take action on them until many other things have received attention. Look at the ICO's annual report, and you can see that the public don't care about them. They're a tiny proportion of the complaints ICO receives, and I think Wilmslow (or London, or Canada, depending on where the Commissioner is these days) should be much more concerned with what the public are interested in.
I started to wonder: how many other things do I think the ICO should deal with before bothering with cookies? Would they make my top ten? The answer is an emphatic no.
I think the ICO should prioritise all of these issues above cookies: unsolicited marketing calls, poor accuracy (especially in the Home Office and the financial sector), weak cybersecurity, the use of mobile devices by public authorities, lack of transparency around data brokers (especially Experian), the sale of data about the financially vulnerable, failure to respect subject rights (especially by the police and political parties), excessive retention (everywhere), facial recognition (especially when used by the Met Police), racial and religious profiling (used all over the place), automated processing in recruitment (especially as it might discriminate against the neurodiverse), trade union blacklisting and the lack of DPIAs on big government projects. Cookies don't get close to my top ten priorities. I doubt they're top twenty. I want ICO to enforce and see if they can get results on all of these before they get to cookies. I think they could be kept constructively busy for a decade without ever getting to cookies.
领英推荐
I know I am a minority voice in the sector. Some of the people I respect most in the DP world care passionately about cookies (EDIT: you can go off people big time), and I know that tracking and profiling can be very dangerous in the wrong hands. But I honestly think that most web tracking is done for the purposes of advertising, and that's much less harmful than the use of racial profiling in criminal justice, or the unlawful market in personal data used to target people for loans and other financial products.
I also think that some of the concern over cookies is performative. Everyone uses cookies, and so if there was cookie enforcement, it might drive a lot of business for DP consultants. But what's good for DP consultants isn't necessarily what's good for society. The ICO should be primarily concerned with harm to the public and things people complain about. If you think cookies are the biggest data problem facing society, I think you're crackers.
Helping legal and accountancy practices with their information security and compliance needs.
6 个月I worked for the ICO - You'd be surprised how little they actually care about Justice and doing the right thing - When I worked for them all they cared about was budgets and money!
Senior Privacy Lawyer and Consultant
4 年Well said Tim - I’m with you, I hate debating Cookie non-issues.
Creative Privacy || Data protection / privacy - Plain English - Life and career coaching
4 年I wholeheartedly agree with this list Tim. One of the things that continues to dismay me is how far privacy has moved away from real risks and harms to the individual to (adopts whiny voice) ‘I got an email I didn’t want’ and naming and shaming companies on LI for their cookie banners.
IT User Support Manager and Technology Adoption Manager at Harrow Council
4 年Love the title Tim!