Source URL: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/12/our-response-to-google-s-policy-change-on-fingerprinting/
Source: Hacker News
Title: UK ISO response to Google’s policy change on device fingerprinting
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The text discusses the ICO’s response to Google’s announcement allowing the use of fingerprinting in advertising from February 2025. It highlights concerns about privacy and the compliance obligations businesses must meet regarding user consent and data protection laws.
Detailed Description:
The text addresses significant developments in the landscape of online privacy and advertising technology, particularly focusing on the implications of fingerprinting as a method of user tracking. Here are the key points discussed:
– **Announcement by Google**: Google plans to lift its prohibition on the use of fingerprinting techniques by organizations utilizing its advertising products starting from 16 February 2025. This marks a notable shift in policy, which could have far-reaching implications for user privacy.
– **ICO’s Stance on Fingerprinting**:
– Stephen Almond, executive director of regulatory risk at the ICO (Information Commissioner’s Office), delivers a strong reaction, asserting that businesses cannot use fingerprinting without legal and transparent measures.
– The ICO is concerned that fingerprinting undermines user control and choice over personal data, as it allows for tracking without clear consent.
– **Comparison with Third-Party Cookies**: Fingerprinting might replace third-party cookies, bringing about more significant privacy concerns. The text mentions that fingerprinting cannot be easily controlled by users compared to cookies, making it a less favorable tracking method.
– **Legal Obligations**: Businesses are reminded that existing data protection laws, notably the Privacy and Electronic Communications Regulations (PECR), still apply. This entails:
– Businesses must obtain informed consent from users before implementing fingerprinting.
– Users should be provided with clear choices regarding tracking.
– Information rights, such as the right to erasure, need to be upheld.
– **Guidance Publication by ICO**: The ICO has published draft guidance on how data protection laws relate to fingerprinting and will launch a consultation on it. Organizations attempting to use fingerprinting must demonstrate compliance with these laws.
– **Challenges in Implementation**: The ICO acknowledges that meeting the legal obligations of fingerprinting as a tracking solution is complex. It warns businesses against viewing fingerprinting as a straightforward alternative to the now-limited capabilities of third-party cookies.
– **Public Impact of Fingerprinting**: The text explains that fingerprinting could potentially exploit user information without adequate means for users to control or delete it, contrasting with traditional consent mechanisms.
This content is particularly relevant for security and compliance professionals as it underscores the evolving privacy landscape, the importance of adherence to data protection laws, and the need for transparency in user data tracking practices. The guidance and upcoming consultations by the ICO could provide frameworks for organizations navigating the regulatory environment associated with fingerprinting and online advertising technologies.