Marketers push for ‘more clarity’ on government’s GDPR overhaul

The UK government says reforming data protection legislation will benefit business, but marketers are cautious about what a divergence from GDPR could mean for the industry.

DataThe UK government has revealed more details of its data protection policy overhaul as it moves away from GDPR, but for marketers the proposals have brought about as many questions as answers.

Post-Brexit, the UK committed to shaking up its data protection legislation. The UK’s data protection regime is currently in line with the European Union’s General Data Protection Regulation (GDPR), which was introduced in 2018.

The government says reforming the data protection regime will “reduce the burdens on businesses” while delivering “wider societal benefits”. The Department for Digital, Culture, Media and Sport (DCMS) revealed some of its proposals on Friday (17 June), but many in the marketing industry remain cautious, maintaining “the devil is in the detail”.

The proposals include measures which would change the consent requirement for cookies, extend the “soft opt-in” for marketing material to more organisations, and tighten rules around cold callers.

DCMS minister Nadine Dorries is insistent the government’s proposals are positive for business

“Our new Data Reform Bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection,” she said on Friday.

However, the Market Research Society (MRS) is more hesitant about what the proposals will mean for its sector.

MRS CEO Jane Frost says there has been a “huge amount of investment” from businesses to become compliant with GDPR and that many smaller companies in particular will not want to have to adjust to a new set of regulations.

I wouldn’t say there is any guarantee the EU will make any accommodation to us.

Jane Frost, Market Research Society

Frost adds that the UK is a “world-leader in research” and for the sector to retain this position, data must be able to flow freely between the UK and EU.

The EU currently allows data to flow freely between the UK and its member states because GDPR is still in place. For countries outside the EU, the European Commission makes a decision on whether each country’s data protection regime is “adequate”, meaning offering protection at a similar standard to that in member states.

The Advertising Association (AA) says it welcomes the objective of creating growth through the new data protection regime, but stresses that any legislation should not “create divergent parallel regulatory structures”.

“Risking the UK’s data adequacy decision from the EU would only serve to increase trade barriers when the very opposite is required to maintain global growth,” says a spokesperson for the AA.

In its proposals the DCMS laid out its view that “EU adequacy decisions do not require an ‘adequate’ country to have the same rules… reform of UK legislation on personal data is compatible with maintaining flows of personal data from Europe.”

The MRS’s Frost says she would like the government to recognise there is risk when it is reforming the UK’s data laws.

“I wouldn’t say there is any guarantee the EU will make any accommodation to us,” she adds.

Cookie consent changes

The government says it will remove the requirement for websites to display a cookie banner to UK residents, something it suggests has been irritating for businesses and consumers alike.

The Internet Advertising Bureau UK’s (IAB) head of policy and regulatory affairs, Christie Dennehy-Neil, is “cautiously positive” about what the government’s proposals mean for the industry. She says that aspects of the current cookie consent mechanisms are “challenging” for marketers, particularly when it comes to the measurement and attribution of ads.

Therefore, the proposals to simplify this would be welcomed by many in the industry she says.

The devil is in the detail.

Christie Dennehy-Neil, IAB UK

In its proposals the government has added that it intends to move towards an opt-out regime for cookie consent.

ISBA director general Phil Smith says that the proposal to move to an opt-in regime “seems to go much further than the original consultation” by the DCMS.

“GDPR requires consumers’ explicit consent for the use of their data,” Smith says. “Legislating for an opt-out model – potentially for all types of cookies – would turn this on its head, and runs counter to moves taking place across the industry, and which we have welcomed, to restrict third-party cookies.”

It’s not yet clear what exactly this opt-out model would look like.

“The devil is in the detail, and what we don’t know is what an alternative approach would look like,” the IAB’s Dennehy-Neil says.

She notes that in the consultation the DCMS had talked about people using browser settings or different types of software to centrally manage their privacy choices, suggestions which the IAB had “quite a lot of concerns about”.

“There is a risk that if you move to a different regime, to one that’s less nuanced, that the ad-funded business model could be undermined,” she argues.

More detail needed on proposals

Industry leaders and bodies are still trying to work out what exactly these proposals will mean for marketers.

The Data and Marketing Organisation (DMA) “strongly supports the government’s proposed reforms”, but still wants to see more clarity on certain aspects of the proposals. In particular it wants to see legal certainty given to Recital 47 of GDPR.

Recital 47 essentially allows controllers of data to utilise it without explicit consent, if they have legitimate interest.

While the DMA is seeking “greater clarity” on the issue of legitimate interests, it has expressed support for many of the other key proposals from the government. For example, for the extension of the soft opt-in for email to charities and other not-for-profit organisations.

GDPR: What might the government’s overhaul mean for marketers?

This means that organisations can contact individuals they have been in touch with for other things with marketing material, provided these customers have previously been given the option to opt-out of such communications. Under the proposals, the government will extend this to non-commercial organisations, something which DMA CEO Chris Combemale says will “enable further innovation in customer engagement, especially for charity fundraising”.

The MRS’ Jane Frost expresses concern that some changes under discussion by the government could damage the reputation of the market research industry.

She notes that the document published by the government on Friday suggest it may lift the ban on the practice of “plugging”, which means obtaining data for canvassing purposes under the guise of market research.

If the ban on this practice was lifted, it could have “huge reputational damage” for the market research sector, she adds.

No desire for a two-tier system

While the government says its reforms to the UK’s data protection regime will benefit business, many in the marketing industry are clear that companies do not want the laws to change so drastically that it creates a two-tier system.

Frost points out that any business operating in the EU will have to be GDPR-compliant anyway. She says that, for small businesses creating a different set of rules would just create difficulty.

ISBA’s Phil Smith says a two-tier regulatory environment would be “burdensome, costly and wasteful of resources and goodwill”. He adds that the UK has “internationally-recognised high standards of data protection processes and governance” that must be upheld.