This is how cookie consent breaks down in UK law proposals • The Register

The UK government has published its plans to reform domestic data protection law which includes removing the consent requirement for all website cookies – similar to the situation in most parts of the US.

Also of note is the abolition of the Data Protection Impact Assessment requirement, as well as the new policy directive of the Information Commissioner’s Office.

But Nadine Doris, the Minister for Digital, Media, Culture and Sports, rejected controversial proposals to repeal the right to appeal against automated decision-making. Privacy campaigners said the proposals were “irresponsible” and would make it difficult for people to “challenge the government or businesses”.

Meanwhile, one law firm welcomed the response as an “incremental overhaul of the existing framework” – not an entirely new approach to data rights.

What exactly are suggested for cookies?

UK rules on cookie consent on the website and app are set to change if these proposals go forward. The government is planning new laws to remove the need for websites to display cookie banners to UK residents, allowing cookies and similar technologies to be placed on a user’s device without explicit consent.

The proposals — which also apply to apps on smartphones, tablets, smart TVs, or other connected devices — call for “browser-based and similar solutions that will help people manage their cookies and opt-out preferences.”

However, websites must provide the web user with clear information on how to opt out of setting cookies.

“The government will work with industry and the regulator to ensure that the technology is efficient and readily available so that people can set their online cookie preferences to opt out via automated means,” the proposals said.

How will you protect users from tracking?

“Reform of cookie laws has been long overdue due to the widespread inconvenience caused by cookie popups,” said Peter Church, advisor to the global data team at law firm Linklaters. “However, it is not clear how the new system will adequately protect individuals from excessive internet tracking. and intrusion.”

Elsewhere, the government has rejected proposals to abolish the right of individuals to challenge automated decisions made about them, a right enshrined in the European Union’s General Data Protection Regulation, legislation the government had promised to move away from after Brexit.

“Our proposals retain human review as is currently required under Article 22, but will ensure that the data subject has access to clearer safeguards for any significant decision made without meaningful human participation, potentially including justification for how a decision was arrived at that might enable the data to be easily identifiable. greater on how to include protected properties in the resolution.”

Church welcomed the move. “The government appears to have backtracked on some of the more radical proposals – such as replacing the GDPR with an entirely new framework for citizens’ data rights,” he said.

However, the proposals have alarmed privacy and rights activists. Organizations will no longer have to complete Data Protection Impact Assessments (DPIAs) prior to data collection. Instead, they will have to implement a “risk-based privacy management program” in order to “mitigate the potential risks of unidentified protected properties”.

Rowena Fielding, a data protection consultant, warned that a shift from the broader right to focus solely on privacy could pose a risk to individuals.

“If the government is talking about replacement [the DPIA] With the Privacy Management Program, which removes this massive requirement to comprehensively consider the rights that might be affected and avoid detrimental impact on them and replace it with a very narrow focus on privacy.

“This means that there will no longer be a requirement to consider the effects on labor rights, consumer rights, contractual rights, citizens’ rights and so on.

“It is actually very disturbing because it indicates that they either have not understood the data protection law at all or have understood it, and that they are obstructing the primary goal of data protection which is the protection of rights and freedoms.

“They are changing the conversation to reframe it in a very narrow sense that is about privacy,” she said.

The government is also proposing changes to the role of the Information Commissioner’s Office, which is the independent watchdog that oversees data protection in the UK.

The government plans to give itself the power to prepare a statement of strategic priorities (SSP) for the ICO to take into account when carrying out data protection functions, despite widespread criticism that this may undermine the independence of the office.

“Given the government’s commitment to ensuring the independence of the ICO, the SSP will fall under the primary objective of the ICO and its duties under the UK General Data Protection Regulation and the Department of Political Affairs 2018. While the ICO will be required to respond to the priorities set out in the SSP, the ICO will not be legally obligated to act According to the statement, moreover, the private sector support program will be subject to Parliament approval prior to its appointment.”

The move could expose the ICO to political oversight, corporate takeover and corruption, said Mariano Delle Santi, a legal and policy officer with the Open Rights Group.

“Worried about new ICO directives or investigation? Making a large donation to the party in government will ensure that the Secretary of State takes care of your concerns,” he said. ®

Leave a Comment

Your email address will not be published. Required fields are marked *