The UK Government has now replied to the consultation on the Data Reform Bill, which will replace cookie pop-ups introduced when GDPR was rolled out, with browser-based opt-outs.
This GDPR overhaul proposes to extend ‘soft opt-in’, change the consent requirement for cookies, and impose greater financial penalties for cold callers and nuisance marketeers.
The consumer-focused law will remove frustrating consent banners for UK visitors and should be internationally trade-friendly for businesses.
While this modern implementation sounds attractive, it may pose a few issues and draw criticism:
- It will put a lot of pressure on technology providers, who have an inherent motivation to tip scales in their own favour.
- There are potential loopholes, where businesses could continue to harvest data, under the guise of “planned research”.
- It moves focus away from privacy, pushing it behind the scenes.
Alongside all of this, international companies in the UK need to be vigilant, as the Data Reform Bill could trigger cross-border data-sharing restrictions when moving the company’s own data to and from the EU. This was one of the main points raised by respondents to the consultation. The UK government has replied to those concerns, stating that it believes businesses will be able to move away from GDPR while maintaining adequacy with the EU.
UK companies will watch out for Brussels’ response to understand whether the EU will amend its own GDPR rules, or whether it will consider the new proposals to sufficiently maintain data protection for EU users. Few international companies are likely to remove their GDPR banners if it means data flow will be impaired from the EU to the UK.