The British government is considering an alternative to the GDPR in the wake of the country’s split from the EU. Its plans call for fewer cookie notification pop-ups and less aggressive enforcement by regulators.
The UK Culture Secretary Oliver Dowden told The Daily Telegraph that the country should have a new data protection law that protects consumer privacy, “but does so in as light touch a way as possible.”
His remarks are, in part, politically expedient. In Europe, where site pop-ups are rampant, dumping the notifications could draw cheers. But the government is also bringing in a new Information Commissioner – the individual tasked with data privacy enforcement – so a true change in approach is not outside the realm of possibility.
Dowden doesn’t only cite cookie pop-ups. He pointed to the “pointless bureaucracy” that dampens innovation, not just ad targeting.
The GDPR has heavy compliance costs: hiring a data privacy officer, for instance, plus audits of first-party databases and partners or vendors. A recent academic study found that venture capital investment in Europe is down by more than a third compared to investments in American startups or the rest of the world (though European data privacy and security startups were a bright spot for VCs). The authors of the report concluded that increased privacy costs in the EU motivated the drop, not to mention the much higher risks of fines and lawsuits.
A new UK enforcement regime could have more far-reaching impacts for ad tech, too.
Earlier this year, Google said it would not deprecate third-party cookies in Chrome without approval from the ICO and CMA, the UK’s respective consumer privacy and antitrust regulatory agencies. If the UK takes a less restrictive line on the use of third-party cookies, or perhaps even British publishers and technology companies prevail on the government to allow more targeted advertising, those agencies could derail Chrome’s plans entirely. Many industry execs loudly committed to building the next age of identity and privacy on the internet would quietly breathe a sigh of relief.
The ICO has frustrated privacy advocates before. Last year, the watch dog closed an investigation of Google and the IAB’s consent management framework for RTB. ICO regulator Simon McDougall said he was satisfied with the measures taken by the industry leaders and commitments for data privacy standards.
Secretary Dowden said a new approach to online data privacy would yield a “Brexit dividend” for web users and businesses.
“It means reforming our own data laws so that they’re based on common sense, not box-ticking,” he said.
