New UK proposals for cookies and data protection. Everything you need to know.



From double opt-in to cookie consent, data protection law has been the bane of many marketers and tech specialists' lives for some time now.

However, as part of its Data Reform Bill, the UK government recently announced new proposals to streamline and simplify some data collection processes, including cookie collection, to reduce the need for cookie consent by replacing individual pop-up messages on every website with a 'one-stop' data-privacy setting which would apply at the browser level.

What are cookies?

Cookies are small text files sent by the website you're visiting the device you're using and stored on your device's web browser to track and collect data from your browser to send back to the website owner.

Since the implementation of GDPR in 2018, it has become law to ask for consent to collect this data. This is why internet users are now constantly served pop-up banners to accept cookies when visiting a website, which can feel more than a little annoying for many people.

Why do companies collect them?

Tracking website users allows businesses to understand more about their customers, such as which pages they visit on the website, how long they look at them, where in the world they are, what sort of device they are using and where visitors go after they leave the site.

This is extremely useful data for organisations, as it can help them understand customer behaviour, tailor their site to create the best user experience and inform their advertising strategy based on what visitors are viewing.

However, there are advantages for the user too. For starters, some websites won't let you in unless you agree to cookie collection, but more importantly, companies can offer visitors a bespoke version of their website if they know more about them. Remembering that a user is interested in a particular topic or product means that when they return to the website again, they can be shown more of what they are interested in and less about other items or subjects. Storing cookies also allows websites to retain log-in information making it easier for visitors to access their online accounts and other restricted data when returning to a website.

What would the new rules mean?

The plans, released to coincide with London Tech Week, mainly focus on relieving the pressures put upon small and medium-sized businesses (SMEs) to comply with GDPR rules and instead concentrate efforts to clamp down on companies who hound people with nuisance calls. The UK government summarises the bill as:

"increasing financial penalties for pestering people with nuisance calls and minimising the number of annoying cookie pop-ups people see on the internet."

The proposals suggest scrapping what the government calls "red tape and pointless paperwork", which businesses are currently required to complete under EU GDPR, as part of a plan to "transform the UK's data laws for the digital age".

This would include allowing cookies to be placed on a user's device without explicit consent for a broader range of purposes, removing the need for websites to display pop-up cookie banners and moving to an opt-out model of cookie consent in the long term - except for content which is likely to be accessed by children which would remain more heavily protected.

It is estimated that the new rules could save businesses around £1bn over ten years, with the proposed changes also removing the requirement for SMEs to employ a data protection officer, allowing the ICO (Information Commissioner's Office) to be more flexible about which data protection cases it investigates and widening access to data for public health services and research.

How have the proposals been received?

Perhaps unsurprisingly, there has been a mixed reaction to the proposals, with many in the marketing and tech industries welcoming the changes which would make their jobs easier.

However, privacy campaigners are less impressed with the potential new legislation. Concerns that data could be more likely to fall into the hands of hackers and expose users to increased identity theft or online fraud is a significant worry, with digital campaign organisation, The Open Rights Group commenting that:

"At a time when personal data can be leveraged to do all sorts of wrong things, depicting data protection as a burden is wrong, irresponsible and negligent"

In addition, the legalities of how the new rules would affect data transition between the UK and EU are being investigated. Tech UK, the trade association who have worked with the government on the proposals, also noted that there are still several questions about exactly how the alternative browser-level cookies would work, suggesting more consultation is needed.

So, there is still a long way to go before GDPR rules are relaxed and pop-up cookie consent becomes a thing of the past but watch this space for updates.

If you are looking for your next role in marketing, tech or compliance, or if you are looking for top talent to join your team, contact McGregor Boyall today and find out how our expert recruiters can help you.