General Data Protection Regulation (‘GDPR’) and Privacy and Electronic Communications Regulations 2003 (‘PECR’)
The UK had to follow rigid guidelines in relation to data protection and electronic regulations as a result of being an EU member. However, as the UK have left the EU, the government is trying to move away from EU standards and ‘cut the red tape’ for organisations and businesses. Hence, changing the laws and regulations around data, in order for businesses to prosper.
Current Regulation:
Under the current legislation, cookies are not allowed to be placed on a device without the consent of the user. There are currently only two limited exceptions from gaining consent. These are:
- for purposes that are essential to provide an online service at someone’s request (e.g. to remember what’s in their online basket, or to ensure security in online banking); or
- where needed to transmit a communication over a communications network.
Consent is usually sought through a pop-up notice or banner which appears when a person visits a website. However, as you are no doubt aware, most of the time when a cookie consent banner pops up, you click the accept button without taking the time to read the terms. The UK in trying to change these regulations, aims to ensure that the ‘tick box’ attitude is adapted so that users are more aware, in practice, as to how their personal data is being used.
Proposed Changes:
The government intends to remove the need for websites to display cookie banners to UK users. This would see the government allowing cookies to be installed on a user’s device without explicit consent (for non-intrusive purposes). Moving forward, the government would operate an opt-out model of consent for cookies. This would mean cookies could be set without seeking a user’s consent however, the website must give the user clear information on how to opt out. Objectively, this would achieve a more hands on approach, breaking away from the ‘tick box’ consent that we are using currently.
How could this affect my business?
As a business, this may mean that you will no longer have to display a cookie banner on your website, in turn, this may provide a smoother and more enjoyable experience for your users. However, this is a change that the UK are considering and therefore it does not apply to other country’s regulations. Therefore, it may still be necessary for you to display such banners if you plan on operating outside of the UK. Although, this being said, the EU are also consulting plans to make changes to cookies and the consent surrounding this however, any such changes are unclear at the moment.
So what?
As it stands, the UK has been granted data adequacy by the European Commission, this means that personal data can travel freely (as it did before Brexit) between countries in the EEA and the UK. Without adequacy, it would make carrying out business and trade by UK businesses with customers outside of the UK very difficult. Therefore, when the proposed changes are being made, the UK will need to keep the EU ‘on side’ in order to retain this adequacy decision. Hence, if any drastic changes are made, the EU may revoke the decision.