11 July 2022

Since the United Kingdom’s exit from the European Union was made official, the country is not obliged to follow the GDPR.

In a statement issued by the UK Department for Digital, Culture, Media and Sport on June 17, the UK government outlined the changes it wants to make as part of its personal data reform bill. In 2021, the UK had indicated its desire to break away from the GDPR, which means creating a law tailored to the country’s wishes for data protection.

Towards the end of cookie pop-ups in the UK

The main change enacted by the British government concerns cookies. Since the implementation of the GDPR in the EU, an Internet user who visits a website may see an additional page (a pop-up) asking whether they prefer to accept or refuse cookies.

The purpose of this practice is to protect users by letting them choose whether or not a website can collect their personal data. Sites do not always respect this practice: when they do not, the CNIL (Commission Nationale de l’Informatique et des Libertés) and its European equivalents intervene to have the problem solved.

As part of the UK bill, the government wants to get rid of these pop-ups and replace them with an opt-out model. Instead of accepting or refusing cookies on each website, the user chooses directly in the settings of their computer whether or not sites can collect their data through cookies. The user can also create an exception list: to refuse cookies on certain sites only, they only have to add the domain name of the site to the appropriate list.

The objective is to allow Internet users to remain in control of their data, but to offer them a smoother browsing experience, without pop-ups or banners. Of course, if the browser is to provide these controls, the UK will need to engage with the developers of these browsers to ensure that this system works perfectly.

Several major changes from the EU’s prevailing GDPR

In addition to this major change, the upcoming personal data reform will make a few changes with respect to the GDPR. The Department for Digital, Culture, Media and Sport states that “the Data Reform Bill will more clearly define the scope of scientific research and make it clear to scientists when they can obtain consent to collect or use data for broad research purposes.”

The goal is to ensure that scientists can rely on the consent an individual has provided so that their data can be used only for the specific research.

The government also wants to change the way companies can exploit personal data. For example, it will remove the requirement for small businesses to have a data protection officer or to undertake impact assessments to evaluate the risks of using that data. However, organizations will still be required to have a privacy management program to ensure that they are accountable for the processing of personal data.

Although the European Commission ruled in 2021 that personal data could flow freely between the EU and the UK, the enactment of this bill could potentially undermine that agreement.

Source: Slate