Jun 22, 2021 08:00:00

A new standard `` ADPC '' that does not need to be said `` please allow cookies '' every time is proposed

People who have experienced the 'banner asking for consent to use

cookies ' being displayed on most of the screen, making it difficult to read the website, or having to click repeatedly to disable cookies. There should be many. In many countries, the law stipulates that websites require users to consent to the use of cookies, but this makes this banner unnecessary as it reduces the usability of browsing. A standard called ' Advanced Data Protection Control (ADPC) ' has been proposed.

New browser signal could make cookie banners obsolete
https://noyb.eu/en/new-browser-signal-could-make-cookie-banners-obsolete

A new HTTP spec proposes elimination of obnoxious “cookie banners” | Ars Technica
https://arstechnica.com/gadgets/2021/06/tired-of-accepting-rejecting-cookies-adpc-wants-to-automate-the-process/

Due to the enforcement of the EU General Data Protection Regulation (GDPR) , prior consent is required for websites to use user cookies. For this reason, many websites display a banner at the bottom of the website asking for user consent.

However, these banners take up a lot of the browser screen and reduce readability, especially on smartphones with small screens. In addition, the use of 'dark patterns', which are designed to deceive users when giving consent, is also being viewed as a problem.

Against this background, a new proposal is called Advanced Data Protection Control (ADPC). ADPC is a mechanism in which privacy settings are set in the browser in advance, and when the user visits the website, those settings are reflected in the communication.

ADPC is proposed by a non-profit organization called ' My Privacy is None of Your Business ' and a research institute called ' The Sustainable Computing Lab '. There are two. The former communicates with the web server and the latter communicates with the website to send a list of 'user cookie consent identifiers'.

Whether via HTTP headers or via JavaScript, consent is sent in the form of a JSON file that looks like this:

{
'consentRequests': {
'cookies': 'Store and/or access cookies on your device.',
'ads_profiling': 'Create a personalized ads profile.'
}
}

Alternatively, with the HTTP header method, the web server will link directly to the consent file in its response to the HTTP GET.

HTTP/1.1 200 OK
Links: ;rel='consent-requests'

When a web browser detects this link, it either responds with settings previously configured by the user or requests a response from the user via a pop-up dialog. And when the user sets it, the browser will include ADPC in future HTTP GET requests as follows.

GET /page.htm HTTP/1.1
Host: website.tld
ADPC: withdraw=*, consent=cookies

In the case of the above method, the display asking for consent to use cookies is similar to the popup that is displayed when the app asks for the use of the camera, instead of the giant banner at the bottom of the screen. While existing banners can be intentionally complicated with dark patterns, this method is believed to be simpler and minimize user “click fatigue”.