Britain wants an end to the barrage of cookie consent pop-ups.
The government says new data reforms will heavily reduce the number of banners that appear on websites asking people to consent to cookies. The plans are part of a broader package of reforms from the U.K. seeking to diverge from EU data protection rules.
Cookies are small files created each time you visit a new website. They store information about your browsing habits and preferences. Some are practically harmless, helping sites function correctly.
Others, like the ones used by advertisers to track your browsing habits, have led to concerns over privacy. Google is actually planning to ditch third-party cookies used for advertising and replace them with a privacy-preserving alternative.
The U.K. is proposing switching to a framework where users can opt out rather than having to select whether they opt in to cookie collection, which the government says will result in far fewer of the “frustrating” boxes appearing online.
Digital Minister Nadine Dorries is seeking to push forward reforms to the U.K.’s data laws after the country’s withdrawal from the European Union.
However, some are worried that the shift may move British data standards too far from those of the EU, threatening a so-called “adequacy” arrangement that allows for the free flow of data between the two.
“EU adequacy decisions do not require countries to have the same rules,” a government spokesperson told CNBC.
“Our view is that these reforms are fully compatible with maintaining the free flow of personal data from Europe.”
Herbert Swaniker, a tech lawyer at law firm Clifford Chance, said the EU would be keeping a close watch on the U.K. plans.
“These reforms will need to carefully balance maintenance of this hard-won decision,” Swaniker said. “Some are concerned that reform could threaten the EU’s decision to allow free flow of personal data to the U.K.”
The British government said it also wants to increase fines for nuisance callers from a current maximum of £500,000 to up to 4% of a firm’s global turnover or £17.5 million, whichever is the higher amount.
Such changes will affect a 2003 privacy law rather than the U.K.’s version of the 2018 General Data Protection Regulation, which seeks to give people more control over how their data is used by organizations and threatens hefty fines for noncompliance.
Another measure means small businesses won’t have to appoint a data protection officer responsible for overseeing internal compliance, provided firms “can manage risks effectively themselves.”
Removing red tape?
The government says the reforms will cut unnecessary red tape, resulting in savings of £1 billion for businesses over 10 years.
But some experts worry they may actually lead to more hassle for companies by forcing them to implement separate data standards for the U.K. and EU.
Cillian Kieran, CEO of data security firm Ethyca, said doing away with cookie consent banners altogether “could destabilize the U.K.’s ability to innovate globally.”
“To altogether remove commonplace mechanisms for legal bases for web analytics, site performance, marketing and more poses significant business limitations,” he told CNBC last month.
“For instance, an international market might only be open to U.K. businesses if they take additional steps for data protection, such as limiting their data collection or processing the data in that country.”
The Data & Marketing Association, a trade body for marketers, said it welcomes the government’s proposals but added “not every recommendation made by our member organizations has been adopted.”
“We will continue to seek greater clarity in the final legislative texts around the use of legitimate interests,” said Chris Combemale, the association’s CEO.