Cookie monstering as a cover for data regime change - the UK picks a dangerous fight over GDPR

Common sense, not box-ticking! That’s the saber-rattliing message from the UK Government about how it views the shape of its future data protection regime now that Britain has left the European Union.

It’s part of a set of proposals that are, according to the UK’s Department of Digital, Cultural, Media and Sport (DCMS), intended to “boost growth, increase trade and improve healthcare”. The Department argues that there is an estimated “£11 billion worth of trade that goes unrealised around the world due to barriers associated with data transfers”. To get past those presumed barriers, the UK is targeting adequacy agreements for free flow of data with key countries.

The priorities on the UK’s list are the United States, Australia, the Republic of Korea, Singapore, the Dubai International Finance Centre and Colombia. India, Brazil, Kenya and Indonesia come close behind.

Cometh the hour, cometh the muppet

The UK Digital Secretary Oliver Dowden has made no secret of the desire for Brexit Britain to soften some of the bureaucratic strictures of GDPR. Today’s announcements are careful not to criticise GDPR explicitly, but there are already eyebrows raised in Brussels without doubt.

The EU only formally signed off on its adequacy agreement with the UK earlier this year, complete with an explicit warning that it would keep the situation under review in case the British Government backed away from its GDPR commitments. A European Commission spokesperson in Brussels yesterday reiterated:

In case of problematic developments that negatively affect the level of protection, the adequacy decision can be suspended, terminated or amended at any time by the Commission.

Dowden has decided, it seems, to pick that fight, declaring:

Now that we have left the EU I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK. That means seeking exciting new international data partnerships with some of the world’s fastest growing economies, for the benefit of British firms and British customers alike. It means reforming our own data laws so that they’re based on common sense, not box-ticking.

As of today, this is being sold to the Great Brexit Public in a mainstream media headline-grabbing way as the UK Government taking action to get rid of all those annoying cookie permissions that keep popping up when you’re using the internet. Dowden pre-briefed The Daily Telegraph - essentially the Conservative party in house magazine - that he was taking action to cut down on “pointless” online cookie banners, the latest Brexit ‘win’.

The likes of the Daily Mail bought it, hook, line and sinker:

 

In reality this is going to be a huge gamble - as diginomica warned back in March - and it’s going to need someone more savvy than Oliver Dowden to carry it off. (At this point, we might pause to consider that this might have been left in the libidinous arms of disgraced Health Secretary and former BT Apologist Matt Hancock, but at least we’ve been spared that!).

The person who will be on the frontline of trying to keep a lid on things is likely to John Edwards, the DCMS preferred candidate to take over as Information Commissioner in October. He’s currently the Privacy Commission for New Zealand, a country with which the UK does already have a data adequacy deal in place.  He says of the upcoming role:

I look forward to the challenge of steering the organization and the British economy into a position of international leadership in the safe and trusted use of data for the benefit of all.

The current Commissioner Elizabeth Denham was much more guarded in her response to the regime change:

Data-driven innovation stands to bring enormous benefits to the UK economy and to our society, but the digital opportunity before us today will only be realised where people continue to trust their data will be used fairly and transparently, both here in the UK and when shared overseas.

That’s a sentiment that maps onto that of UK technology trade association techUK, where Direct of Markets Matt Evans commented:

Data is a foundational asset for modern societies, creating accessible and trusted routes for businesses, civil society and researchers to access data from around the world will help drive innovation and create better digital services. However, these new routes must be trusted and command the confidence of the public. techUK therefore welcomes the technical assessment criteria and commitment to high privacy standards laid out by the Government. Both of these will be vital to maintaining access to existing data flows, such as from the EU as well as opening up global opportunities.

My take

'S' is for stupid!

I have a very bad feeling about all this. Yes, I get irritated at the number of pop-ups etc, but very few of these are really due to GDPR. At diginomica, we’ve done our absolute best to ensure that we are compliant without being intrusive and I’d hazard a claim that yes, it can be done.

This is a reckless route for Dowden to take and one that’s most likely to end up with having more compliance issues for business rather than less. And the explicit inclusion of examples of exploiting NHS data as a jolly good thing should have alarm bells ringing all over the country. Still, the cookies angle is playing well with the audiences that need to be addressed and the ‘cumbersome EU red tape’ angle is playing well with some.

Hey ho - turn right and keep heading on to the sunlit uplands! Muppets!