Are UK government plans to roll back GDPR good news for adland?

Will getting rid of cookie permission pop-ups deliver the Brexit dividend we’ve all been dreaming of?

Clockwise from top left: Pierre, Coyne, Wooller, Lok, Dennehy-Neil, Jacob, Onwurah, Mitchison
Clockwise from top left: Pierre, Coyne, Wooller, Lok, Dennehy-Neil, Jacob, Onwurah, Mitchison

It has been more than half a decade since the UK electorate made the fateful decision to cut ties with the European Union, and we must surely be getting close to the point now at which even fervent Eurosceptics start to wonder whether it was really such a good idea.

So far, the economic changes brought by Brexit have been more pain than gain both for businesses and consumers. In some of the more resonant developments, we’ve had the return of traditional British mobile roaming charges – once everyone’s favourite thing about going on holiday – and now we’re facing a Christmas without enough turkeys to go round. (Campaign, it should be noted, has been doing its bit to save turkeys from the block since last March.) And with a US-UK trade deal not looking likely any time soon, there won’t even be any chlorinated chickens to replace them.

So it was a relief to hear last week that the UK is finally set to enjoy its long-awaited “Brexit dividend” in the shape of an overhaul of the EU’s General Data Protection Regulation, which came into effect in 2018. In an interview with the Telegraph, culture secretary Oliver Dowden promised to get rid of some of the “red tape” imposed on businesses by GDPR, by, for example, abolishing the requirement for cookie permission pop-up boxes on websites. It would certainly make a change from the significant new red tape businesses have faced since last January.

Given that cookies as a tracking technology are on their way out – though at a slower pace than previously planned – the extent to which Dowden’s ideas are in tune with the future of digital media are unclear. Any attempts to diverge from the EU, meanwhile, will pose the same problems as the UK’s attempts to diverge in other areas have done, potentially affecting the ability of UK businesses to operate internationally. And of course, any developments that make it harder for consumers to understand and manage how their data is used is not good news for them, at least on the surface of it

Dowden’s wish to make it easier for local churches to advertise their jumble sales certainly seems reasonable – but looking a little higher up the food chain, would a rethink of the rules prove to be good news for adland?

Rob Pierre

Chief executive, Jellyfish

The proposed changes seem to reflect the government’s desire to accelerate its National Data Strategy. In the past 18 months, we’ve seen businesses (and the government itself) use data to build innovative experiences aimed at fostering growth and improving services. While it may be too early to assess the impact of any proposed changes, the development of the framework should lead to faster digital transformation with thoughtful consideration on how the right data is shared and processed in all industries. If, as a result, UK businesses have more access, freedom and guidance to use the cloud technologies available, we will inevitably see a great deal of value creation in the years ahead, which is something to be welcomed and encouraged.

AJ Coyne

Head of marketing, Klarna

The GDPR is far from perfect, and there are a lot of issues that need fixing. But consumers are becoming acutely aware of the need to protect their personal data. If adland (media companies ��) seek to commercially benefit by creating a broader data market and disregarding personal privacy, then while there will be short-term economic benefit, in the long term, this will cause greater harm and serve only to accelerate the decrease in consumer trust across advertising, brand and establishment (which is already in steep decline).

Sophie Wooller

Director of digital transformation, Croud

For many digital marketers, this change might be a moot point – technologies are increasingly limiting what we can do with data (for example, iOS 14.5, Chrome's delayed kibosh of the cookie). So even if the new regulations allow advertisers to do more with data, they may not be able to directly apply it in digital marketing – which, according to the IAB, now accounts for 70% of adspend in the UK. All of this means that new data privacy rules run the risk of being just another set of regulations advertisers have to navigate in a complex data ecosystem.

Steve Lok

Global director data customer strategy, Media.Monks

Should the UK use this opportunity to clarify its specifics on data protection, this would be an excellent opportunity to sync reality with intention. The original specifications in 2017 created the momentum necessary for today's beneficial push into first-party data solutions. However, in the intervening years, legislative vagueness enabled workarounds that subvert the spirit of protecting consumer privacy. A refined set of guidance in 2021 would improve the relationship between consumer and brand, which was, arguably, the main intent in the first place.

Christie Dennehy-Neil

Head of policy and regulatory affairs, IAB UK

Oliver Dowden says that proposed changes to the UK GDPR will be rooted in common sense, and it’s hard to argue with a policy that aims to improve consumers’ online experience. A more pragmatic and risk-based approach to data controls would likely enhance people’s experience of the digital environment, benefitting advertising. 

However, GDPR and ePrivacy controls (yes, including the pop-ups) play a valuable role in allowing consumers to manage how their data is used, and the government will need to ensure that any changes don’t erode consumer trust. UK-specific changes could also create a more complex and disjointed digital ecosystem for advertisers that operate across global markets.

Lastly, it’s imperative that changes to current practice do not endanger the UK’s data adequacy with the EU – doing so could freeze data transfers between the EU and UK. 

While we don’t yet have all the details about the proposed changes, the government has emphasised the need for continuing high standards of data protection, so adland shouldn’t expect a wholesale roll back of GDPR in the UK.

Iain Jacob

Chair, UK Online Measurement Company

Effective data regulation is fiendishly difficult to create. The cost of failure is enormous. Long in gestation, the GDPR is recognised, even by critics, as a good framework. The US has learned from it; the California Privacy Act of 2020 borrowed many of its principles. China recently introduced data privacy regulation, again learning from GDPR, to avoid overly dominant tech company abuse.

It’s welcome then that the UK government plans to liberalise data regulation while complying with EU data adequacy measures. High on rhetoric, short on fact, the announcement talked of “delivering a Brexit dividend”; “common sense not box ticking”; the intent to “move quickly and creatively”; opening new opportunities with Indonesia, Kenya Brazil.

This should strike fear into anybody that has a passing knowledge of the subject, especially when removal of consent pop-up irritation is used as a smoke screen for the potential exploitation of personal data.

The last thing our industry needs is chaotic, headline-seeking fiddling by a government, whose last gift was the unproven HFSS controls. Raising the risk of yet more European barriers will be truly damaging to our sector. Let’s hope that John Edwards brings the requisite intelligence to the process, while, hopefully, not allowing his loose Twitter finger to run wild again.

Chi Onwurah

Shadow digital minister, Labour

Rolling back GDPR under the pretext of banning banners may sound like win for consumers but the Conservatives have over-sold this minor change.

Setting aside that banners are not part of GDPR but the e-privacy directive, the secretary of state Oliver Dowden seems to have a misplaced sense of what’s holding back our digital economy.

Rather than reducing complexity and bureaucracy, diverging from GDPR will actually increase it.

The barriers British businesses face are much more around access to digital skills, infrastructure and non-tariff barriers, while for the digital economy as a whole, I believe the greatest danger is consumer mistrust, digital exclusion and low levels of digital skills.

Labour believes in in giving people more control over their online experience based on fairness, harm-reduction and innovation.

That, with appropriate reform of digital markets, will help ensure a more mutually beneficial relationship between consumers, advertisers and the services they need.

John Mitchison

Director of policy and compliance, DMA

The DMA agrees with the government’s position that the UK must strive to become a global leader in data, but there has to be a balanced approach from all parties. To unlock the value of data across the global digital economy, the UK must be willing to share expertise, ethical frameworks and values with the rest of the world to help elevate global data protection standards and create more opportunities for businesses.

However, the UK government should not risk the EU revoking our adequacy status when it provides so many benefits to businesses across Europe – the EU remains the largest market for UK advertising. In addition, DMA research shows that most marketers and businesses think GDPR was a change for the better. Our research has also found it to be a huge benefit for consumers, and it has inevitably increased trust in data sharing. If the UK government does plan to amend data protection laws, then it must remain in consultation with the EU to ensure all parties are happy. The government doesn’t need to go back to the drawing board, but there may need to be revisions to UK data protection laws at some point to facilitate non-EU adequacy agreements.