Replacing GDPR will be a new headache for UK businesses
Pivoting business data strategies to a new set of regulations isn’t going to help businesses. It’s going to cause them a huge headache
Yesterday’s announcement by Culture Secretary Oliver Dowden that the UK is to move away from the European Union’s GDPR data privacy laws may sound like a radical departure. But it is premature to start celebrating quite yet.
Dowden promised to withdraw a number of consumer data privacy policies linked to GDPR, such as website cookie requests. But he was less clear on how these would be replaced.
The “flagship” EU data laws have taken many years to develop and pressure-test with businesses and the consumer’s knowledge of their privacy data rights has increased over time.
It is a brave move to start tinkering with this eco-system.
While it is true that GDPR is bureaucratic, complex and admin-heavy for businesses, many have spent millions setting up their internal operations to comply with the regulation. New teams have been stood up, IT systems have been overhauled and legal teams have become more involved in marketing policies than they’ve ever been.
Pivoting business data strategies to a new set of regulations isn’t going to help businesses. It’s going to cause them a huge headache.
Cookie policies are not ‘pointless’
For UK businesses operating across Europe, new rules will be irrelevant as they still need to comply with GDPR. The new UK policies are only going to affect UK businesses which service UK consumers, which in an ever-growing digital single European market is a shrinking set.
Meanwhile, the fundamental problem of all data regulations, be it GDPR or otherwise, is the issue of educating consumers on how businesses use their data and what their data rights are.
Website cookie policies aren’t, as Dowden says, “pointless” – they’re just not very well explained or executed and are too easy to bypass.
I work in this industry, and I still click away from website cookie notices to skip through the process as quickly as possible, not necessarily fully realising or caring what I’m agreeing to.
One red flag for me in the government’s announcement is the issue of “data partnerships” with other countries – which will apparently provide a ‘Brexit dividend’ for consumers. But there’s no explanation about how this is actually going to benefit us.
Consumers, not Brexit, must come first
Looking outside Europe we can see that many parts of the world are actively trying to emulate GDPR-style data laws, not oppose them. To move away from GDPR appears regressive, unless there is a clear beneficial substitute planned.
The government also needs to take into account new web tracking initiatives from big tech companies. Google is in the throes of developing its ‘Google Privacy Sandbox’ tracking solutions and Apple has introduced its ‘App Tracking Transparency’ framework. UK policies will need to complement these.
GDPR is by no means perfect, but the objective is clear – to improve consumer control of their data online. The regulation is consumer-first, not business-first.
I worry that the UK announcement isn’t motivated by consumer-first reasoning and is a tiny jigsaw piece in the wider Brexit puzzle. It would be fantastic if the UK government had a brilliant alternative solution up its sleeve, but the announcement doesn’t give any indication that it does.
Jack Shearring is managing director at digital consultancy LEAD