The RGPD , approved in 2018, requires that all web pages ask for the explicit consent of users to save cookies in the browser. This is one of the many steps that many websites require when we enter for the first time, or even every time we enter a website if we reject it. However, a new proposal for the HTTP standard could change it.
The proposal comes from None of Your Business and the Sustainable Computing Lab , and would allow the user to choose their privacy settings only once in the browser itself, and it would already be this one that would be in charge of communicating that preference to the web pages that the user visit so that the pop-up is not displayed.
ADPC: the change that cookies need
The new standard, called Advanced Data Protection Control (ADPC) , establishes two ways of automatic communication of preferences. The first communicates directly with the hosting of the web that we are visiting, and the other communicates directly with the web page that we visit. The first will make use of HTTP headers , while the second will make use of JavaScript .
In both cases, the communication ends up reaching the web or server as a list of identifiers to which it gives consent. The HTTP method is more efficient, but requires the server web applications to support it. The JavaScript method works with any web page without a supported web configuration, although it will not work for those that block the execution of JavaScript.
This mechanism should have been proposed in conjunction with the approval of the European data protection law that required the consent of cookies, since it is adding an unnecessary step when visiting a website.
It is a proposal, but it would take time to implement
At the moment, this is a proposal carried out by a group of activists in the network, but it is quite firm and reliable. In the event that they decide to implement it, it could take years for us to see it as part of the Internet standard. You just have to see how long it took them, for example, to pass QUIC, the new secure standard that will replace TCP / IP.
The system also has a lot of room for improvement, and could also be slightly modular. For example, they could introduce a unique system of accepting cookies for websites that belong to the same company, such as all Google services, such as Gmail, Drive, etc.
