Anyone who regularly surfs the World Wide Web on a computer, smartphone or tablet with the help of an Internet browser cannot avoid cookie banners. The pop-ups, which are hated by just about everyone, are now to be abolished in Great Britain. This is what the “Data Reform Bill” envisages.
UK to lead the way in banning cookie banners?
The United Kingdom is opting to take a step that many EU policymakers with expertise in IT would have liked to see the European Union take as well. Instead of the annoying cookie notices popping up with a choice option, a model is now to be used that allows a general setting in the browser itself. The whole thing is to be legally underpinned by the “Data Reform Bill” – a law that is intended to strengthen data protection law on the Internet in particular. At present, cookie banners in the UK still look the same as in the EU. This means that a cookie banner appears when the vast majority of websites are visited. Here the user should decide whether he wants to agree to extensive data collection or instead limit the collection only to the necessary cookies.
This can prove to be a real test of nerves, especially during longer excursions on the Internet. After all, you have to define the cookie settings anew for each individual website visit. The UK wants to make this easier. The opt-out model is intended to make this possible. This is intended to ensure that people are much less likely to be annoyed with boxes when visiting a website. Instead, it should be possible to make general cookie settings in the browser. Once regulated, these will apply to all websites that collect cookies. This makes a lot of sense, as the opinion on cookie collection among Internet users usually does not differ from website to website.
Reach at cookie banner is still unknown
The prior setting of a course of action regarding cookie documentation in the browser is not new. This model is therefore called opt-out, since the moment of selection is, in a sense, upstream. Depending on which type of cookie collection is in the user’s interest, the Internet browser automatically passes on the appropriate information to the website when prompted to do so. However, we do not yet know how extensive the user’s freedom of choice will ultimately be in Great Britain. Consequently, it may even be possible to deactivate cookies completely. This would be a decisive blow against profiling, which is so hated by many data protectionists. At the same time, however, it would take away an important pillar of Facebook’s and Google’s financial success.
According to statements by the government, it wants to talk to all parties involved before finalizing the law. This does not only mean that data protection experts are to be called together. On top of that, IT experts are to help find a technically feasible option that is as uncomplicated as possible. Here, it is important that it is sufficient to define the cookie preferences once in the browser. One challenge here could be that the browser communicates successfully with the website and passes on the settings. Last but not least, the industry would also like to have its say. After all, it is precisely this that could possibly suffer financial losses.
Competition with the EU
With laws such as the GDPR and the Digital Services Act, which will soon come into force, the EU also has data protection regulations with a focus on the Internet. However, the provisions of both regulations do not go as far as the British “Data Reform Bill.” This could also be the result of a kind of competition, which has been observed again and again in the United Kingdom since Brexit. The British government would like to show that it is capable of making strong laws despite its exit from the EU. However, the new regulations in the UK do not seem to be exclusively stricter. In some cases, they are even softer than in the EU. For example, an independent data protection officer is no longer mandatory even in smaller companies.
If the company in question can take care of the classic risks of the Internet itself, then it is allowed to do so. However, this will have to be based on the type of company. Furthermore, the law in Great Britain would like to make a distinction between traditional companies and organizations. While the former are to benefit from somewhat more flexibility in data protection, organizations are still required to have extensive data protection management. According to the Ministry of Digital Affairs, the innovation will be particularly worthwhile for small businesses. They should now be able to save a lot of money.
New developments at the authority
Apparently, it is not only on the part of companies and organizations that something is to happen. With the new law on top of that the national data protection office (Information Commissioner’s Office) is to be renewed. This is to be achieved through various measures. One is the expansion of the management structure. This is intended to emphasize the high status of the authority and ensure its reputation in the international arena. The improved management structure should also ensure faster solutions to any problems that arise.
In addition, it should be easy for the population to take action against the data protection office in the event of violations. The government emphasizes that it is not the sole task of the Information Commissioner’s Office to ensure data protection with all its might. Rather, the authority must enable a peaceful coexistence between entrepreneurial freedom and development opportunities on the one hand, and the personal rights of consumers on the other. To achieve this, it should always make use of experts in the relevant subjects.
Data Protection Act to consolidate UK’s position
It’s quite amazing what the Data Reform Bill is supposed to be able to achieve. If you listen to the government’s words, this is by no means just about data protection for the citizens of the United Kingdom. Rather, they also want to further strengthen the country in its role as a global scientific superpower. To achieve this, the government wants to make it easier for scientists to access data relevant to their research. This must be done so as not to stand in the way of innovation unnecessarily. The government is also keen to make it easier to exchange data with other countries. This should be possible through the creation of data partnerships. Data transfer to the USA is likely to be a particular focus here.
There have been disagreements between the EU and big tech companies such as Meta and Google in this regard for many months. For example, Meta was on the verge of taking its services offline in the EU only at the beginning of the year. Finally, data for Facebook, WhatsApp and other services is currently being passed on to the US without a real supervisory body. In this, users have no guarantee that someone third party, such as the U.S. intelligence agencies, won’t take a look. Perhaps the British government’s approach could serve as a model for the successor to the Privacy Shield, which the EU and the US agreed on a few weeks ago. We are already curious to see what the final version of the Data Reform Bill will look like.