The Information Commissioner Christopher Graham has questioned the effectiveness of the EU cookie directive, suggesting that it was "dreamed up by politicians in Brussels" without the appropriate market research to back it up.
Speaking at the launch of a new report called The Data Dialogue by think tank Demos, Graham said that policies around the use of personal data by companies and public sector organisations need to be evidence-based.
"More and more citizens and consumers are waking up to the implications of sharing personal data online," he said. "By fresh thinking that recognises where the consumer is coming from, we can develop policies that really work."
His criticism of the cookie directive, formally known as the EU e-Privacy Directive, was backed up by Jamie Bartlett, senior researcher at Demos and author of the report, who said that implementation of the law had "become far too onerous".
The directive requires anyone running a website to get explicit opt-in consent from their visitors before deploying cookies on their machines.
Meanwhile Ronan Dunne, chief executive of O2, said that presenting consumers with a pop-up window that gives them the option to opt in or out of data sharing is a "very blunt tool" to deal with an extremely nuanced issue.
The Data Dialogue report, which surveyed more than 5,000 people, revealed high levels of discomfort with sharing data. While 27% said they were comfortable with supermarket loyalty schemes, only 10% were comfortable with Gmail scanning email content for the purposes of targeted advertising.
However, the research found that attitudes towards sharing change when people are given more control in choosing what data is shared, and when the benefit of sharing that data is made clear to them.
Nearly three-quarters (73%) of consumers said they would be reassured if they were able to withdraw data on request, 70% if they could see what personal information was being held, and 66% if they had an online dashboard to control data.
"In order for the UK to realise the potential in the use of customer data, for the benefit of consumers themselves, there needs to be a certain level of trust established and a fair value exchange realised," said O2's Dunne.
"There needs to be a unified push on transparency. Otherwise there will always remain confusion and concern amongst the public about inconsistent practices and standards."
Georgina Nelson, privacy lawyer for consumer watchdog Which?, suggested that one solution could be to introduce standardised privacy policies that would allow customers to make like-for-like comparisons, without having to plough through reams of legal paperwork.
The organisation is planning to introduce a privacy seal in the first quarter of 2013, which companies will be able to display on their websites if they meet certain data protection criteria set by Which?, in collaboration with the Information Commissioner's Office.
However, Nelson admitted that there is a fine line between giving consumers the information they need to make informed decisions, and bombarding them with information that they will not bother to read. She said that a lot of work would be required to get the balance right.
Graham concluded the most important thing was for companies to "treat their customers as grown-ups", and recognise that economic prosperity and growth should not come at the expense of people's privacy.
Join the Computerworld LinkedIn Group. This group is open to IT Leaders, MIS & IT Managers, Network & Infrastructure Managers who share insights, discuss challenges & wins and keep abreast of cutting edge technologies.