Europe’s Utiq: a solution to third-party cookies or a privacy nightmare?

Published: 5 June 2026
Utiq logo, the concept of cookies
Image by Cybernews

Centralized consent service Utiq is built on a promise to address privacy concerns caused by third-party cookies. Experts, however, aren’t convinced.

Key takeaways:
  • Utiq is a consent service created by the 4 biggest telecommunications companies in Europe.
  • The privacy-minded service is intended to replace third-party cookies and enable easier consent management, while providing personalized advertising.
  • Utiq works on the internet service or mobile provider level.
  • Experts tell Cybernews that Utiq’s network-level identity may be harder to escape than that of third-party cookies.

Utiq, developed by the 4 biggest telecommunication companies in Europe, Deutsche Telekom, Movistar, Vodafone, and Orange, says it has a solution to reliance on third-party cookies.

ADVERTISEMENT

It promises enhanced privacy while delivering personalized advertising to users.

The service is gaining traction amid growing fatigue around third-party cookies, which are considered one of the major invasions of privacy online. Because they collect significant amounts of personal information, this data can be used to create detailed user profiles.

Third-party tracking also often lacks transparency. Despite laws requiring users’ explicit informed consent for their data to be tracked and ensuring their right to refuse, websites find loopholes to siphon data anyway.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Eglė Kristopaityte
Don't miss our latest stories on Google News
Google News Follow us

However, the alternative, Utiq, which has over 70 million users, has also attracted criticism from privacy experts and advocates.

Anthony Perrod, a co-founder of Apokrat, a privacy tools company, called Utiq “a massive network-level tracking tool” in his recent LinkedIn post, saying the technology is “far worse” than third-party cookies.

“They claim your data is safe because the tokens are ‘encrypted.’ But in the OPSEC world, we know pseudonymization is highly reversible. By crossing these tokens with other databases, re-identification is frighteningly easy,” Perrod wrote.

ADVERTISEMENT

How does Utiq work?

When a user visits a website or app, they are displayed a Utiq consent banner asking whether they agree to be identified via network connection. If a user consents, Utiq sends a request to the user’s internet service or mobile provider.

This allows the provider to generate an anonymized token, called ConsentPass, that enables consent across different websites without revealing their identity.

The company says users can give and manage their data use permissions on Utiq’s centralized Consenthub, where consents can be withdrawn with a single click. Meanwhile, data is secured through encryption.

Is Utiq less intrusive than cookies?

Mariano Facundo Scigliano, cybersecurity expert and founder of VisionTech Solutions LLC, says Utiq may appear more honest than third-party cookies – at least on paper – as consents can be managed in one place. But there’s one important caveat.

“A cookie is something you can delete, while a network-level identity is something that follows you. Utiq trades the chaos of cookies for something cleaner, but also far more stable and much harder to escape,” Scigliano tells Cybernews.

A 2024 preprint concluded that the Utiq service may be considered more intrusive than third-party cookies, as its tokens are based on unique parameters that can precisely identify the user over time, unlike regular cookies, if they are periodically cleared.

Moreover, websites using the Utiq service often employ other web-tracking systems, including very intrusive methods such as font fingerprinting, according to the preprint. The technique identifies and tracks users based on their unique font sets.

A cookie is something you can delete, while a network-level identity is something that follows you. Utiq trades the chaos of cookies for something cleaner, but also far more stable and much harder to escape.

Mariano Facundo Scigliano
ADVERTISEMENT

Utiq, however, says that requesting the removal of all consents will result in the deletion of all data processed as part of the Uniq technology within 24 hours.

Julian Gage, a co-founder of a data privacy services company Engage Compliance, notes that Utiq’s identifier covers the whole household, not just the person who clicked accept.

“The person who signs up is consenting for everyone on that connection,” he says.

What are Utiq’s cybersecurity risks?

Utiq may be an attractive option not only for advertisers but also for cybercriminals.

“A cookie breach leaks some browsing habits from a throwaway ID. A breach of a network-anchored identifier leaks browsing habits tied to a person the carrier can actually name,” Scigliano tells Cybernews.

Cybercriminals are increasingly targeting consent infrastructure. In 2024, identity-based attacks accounted for 60% of all Cisco Talos Incident Response cases, according to the cybersecurity company’s report.

Scigliano explains that persistent IDs allow correlating and re-identifying someone across websites.

He tells Cybernews, “Even a ‘pseudonymous’ identifier becomes a powerful linking key once it's combined with other data.”

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Meta has quietly shipped the technology needed for facial recognition glasses
Hackers getting an easy ride: misconfigured cloud settings behind growing number of data breaches
Anthropic claims AI is too fast and needs to hit the brakes: let’s take it with a pinch of salt
US lawmakers push new bill on AI safety, state law limits, worker protections
Pewdiepie declares war on big tech following the release of his free and local AI workspace
California tech CEO busted for selling forbidden US technology to Iran’s nuclear agency
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked