Data Protection “Shake Up” Targets Cookie Pop-Ups

The UK’s new Information Commissioner will oversee a post-Brexit “shake up” of data protection rules, including the end of cookie pop-ups.

John Edwards, the next head of data regulator at the Information Commissioner’s Office (ICO), is currently New Zealand’s Privacy Commissioner. He says it is a “great honour” to be named as the government’s chosen candidate.

The government say he will “go beyond the regulator’s traditional role”. The job will become “balanced” between protecting rights and promoting “innovation and economic growth”. His predecessor Elizabeth Denham describes it as an “important” role that has never been “more relevant to people’s lives”.

Mr Edwards looks “forward to the challenge of steering the organisation and the British economy into a position of international leadership in the safe and trusted use of data for the benefit of all”.

The government announced the plans to shake-up the ICO along with changes to data protection after Brexit.

The end of “endless” cookies

Digital Secretary Oliver Dowden said in a newspaper interview that plans include removing “endless” cookie pop-ups. These are now a common occurrence on the majority of websites, asking for permission from users to store their personal information. The use of cookies is widely thought of as a tool to comply with the EU’s GDPR data law. But the practice already existed before that came into force. Mr Dowden says “high risk” sites will still need similar notices, but a lot of others are just “pointless”.

The reform of data protection rules is viewed as “one of the big prizes of leaving” the EU. Mr Dowden believes there is currently a lot of “needless bureaucracy and box ticking”. There is need for a focus on working to protect people’s privacy. But it needs doing “in as light a touch way as possible”.

The proposed reforms will also expand to different types of data.

The official statement says the government will make new “data adequacy” partnerships a priority. This will enable the sending of people’s personal data internationally, to places like the US, Korea, Dubai and elsewhere. Data adequacy means an agreement that protections in place are similar in both countries, to ensure that personal information stays safe.

Developing “a world leading data policy”

Currently, the UK has a data adequacy agreement with the EU, although it will need renewing in future. It is a key part of EU regulations, requiring talks during the Brexit negotiations. The agreement is subject to change if UK law moves too far from EU rules.

There are not many other details of what is in the reform, but the government promise to launch a consultation on what data laws will look like in the future.

The government claim that £11bn worth of trade “goes unrealised around the world due to barriers associated with data transfers”. But now the UK has left the EU, there is the potential to develop “a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK”. This means the UK’s data laws need reforming so they are “based on common sense, not box-ticking”. Mr Dowden is “determined to seize the opportunity”.

Data protection expert Andrew Dyson says the announcements are the “first evidence” of “a bold new regulatory landscape for digital Britain post-Brexit”. He is interested to see what follows on “reforms to the wider policy landscape that are just hinted at”.

Making data laws more complex

The announcement is a huge moment in the evolution of data protection policies in the UK.

Mr Edwards is not afraid to take on the tech giants, with previous attacks on Facebook as “morally bankrupt pathological liars”. Meanwhile, the current commissioner received criticism from some privacy campaigners for not doing enough to protect data rights.

The digital secretary’s idea to target cookies in the government’s new approach to regulation could prove a popular move. Many internet users are frustrated by needing to constantly click on cookie banners every time they visit a new website.

Data protection specialists warn that it is all too easy to create headlines about proposed new regulations. But it is much harder to create these new rules and actually put them into action.

And although tech companies might complain about EU data laws, they may just see the UK having their own rules as another layer that makes things more complicated. Rather than seeing it as a big opportunity, it is making their global policies more complex.

Thank you for reading Data Protection “Shake Up” Targets Cookie Pop-Ups

---