My thoughts on the Government’s GDPR overhaul

After being in place for a grand total of four years, GDPR rules are facing an overhaul. The Department for Digital, Culture, Media & Sport laid out proposals it assured would “reduce barriers to responsible innovation” and “deliver better public services”. But after scanning the Data Reform Bill, I still think a lot of clarity is needed for marketers.

?A lot of attention has been given to those pesky cookies we all love. You’ve probably had to agree to about 400 today already. Fortunately, it looks like the state has also had enough and is planning to remove the requirement for websites to display a cookie banner to UK residents.

I’m sure by this point, we all just accept cookies without even thinking about them. (Although, sometimes with no rhyme or reason I’ll decline them – couldn’t tell you what my parameters are for that, but there we are). But we should remember they basically govern how we all interact with our customers and audiences. Any proposals to simplify the process should be welcomed but like many others in the sector, I’m remaining cautiously optimistic. We’re yet to see how this new regime will work in practice. We’ll just have to comb through the details when they arrive.

I’m also concerned with legitimate interest rules.

We need clear details on what defines legitimate interest

A lot more clarity is needed on legitimate interests, which governs how personal data can be processed by businesses. We need to make sure that anything and everything doesn’t fall under the legitimate interest umbrella.

Currently, a 3-part test must be applied when determining how data is handled. Data controllers must first identify a legitimate interest, which can be very flexible in scope. They’ll then need to demonstrate processing is necessary for the intended purpose and cannot be achieved through less intrusive means. Beyond this, they’ll need to weigh up whether their interests in processing personal data outweigh the rights of the subjects.

Handling of personal data has become a hot topic in recent years. Plenty has been said about how large digital companies have been gathering truly invasive – and quite frankly creepy – levels of data. The Government has plans to introduce a number of “carefully defined processing activities” which could limit intrusive levels of data gathering.

While promising to monitor this, it also says: “For any processing activities that do not feature on the list, data controllers will continue to be required to undertake the balancing test.” To me, this still sound fairly broad. I’m worried even with the new limits, marketers may fall foul of data gathering rules, despite doing everything they can to toe the line. Worse still, there could be scope for dodgy controllers to actively abuse their powers.

Are we going to have to start over from scratch?

Overall though, it sounds like we’re set for a complete U-turn on GDPR. The question remains, what will this mean for businesses still caught up in the legislation’s cobwebs? The day GDPR launched, the non-profit NOYB (subtly standing for “none of your business”) brought complaints against Google, WhatsApp, Facebook and Instagram. Four years later, we’re still awaiting a final verdict. If throughout its entire lifespan GDPR struggles to hold the most well-known companies to account, what happens to more agile players who fall through the cracks?

Let’s not forget, GDPR is also still incredibly new. The legislation is tricky to navigate but now, we’re going to have to adapt to new rules which are moving away from what we’ve been trying to perfect over the last few years. And what about the costs? We’ve all had to invest in new processes and software just to keep on the right side of the law. Is it all about to become obsolete? Can we afford even more money spent on a new set of rules which may just be upended again in a few years’ time?

While we can only hope the new rules improve the status quo, the one thing we can be sure of is there will be a lot of homework on the horizon!

Marketers push for ‘more clarity’ on government’s GDPR overhaul (marketingweek.com)

Data: a new direction - government response to consultation - GOV.UK (www.gov.uk)

How GDPR Is Failing | WIRED UK