The UK wants to adjust its own implementation of the GDPR and remove the need to make cookies opt-in. For example, the country wants to combat ‘irritating cookie pop-ups and banners’. Instead, cookies should be opted out.
At the moment, the United Kingdom is still following European GDPR legislation, but since it left the European Union, the country has been working on its own implementation of that law. Friday made the United Kingdom some proposed changes announcedsuch as the need to always consent to cookies.
Now users still have to give permission per site before they can place cookies. However, the United Kingdom wants to introduce an opt-out model, where users can, for example, indicate via their browser settings whether or not cookies can be placed on sites. “As a result, people see a lot less frustrating cookie pop-ups,” according to the British government.
Another change concerns the current requirement for small businesses to have a data protection officer; if it is up to the British government, that obligation should lapse. “Small companies like independent pharmacies will then no longer have to take on fg to comply with the UK GDPR, provided they can effectively mitigate risks themselves. Then they will no longer have to fill out unnecessary forms when there are few risks,” writes the British government.
Organizations remain obliged to have privacy management programs in place and remain responsible for how they handle personal data. “The same high data protection requirements remain, but organizations have more flexibility to determine how they meet them.” According to an analysis by the Department for Digital, Culture, Media and Sport, the changes presented Friday will save British companies £1 billion over a 10-year period.
The amendment to the law should also ensure that researchers can use data more easily, because it must be easier to describe when they can collect data and request permission for this. Scientists no longer need to have a clear idea of the ultimate goal of their research project before collecting data. As a result, they should be able to use more data, because the British do not have to give more permission for specific studies. Scientists conducting cancer research can then use data from people who have given consent with ‘cancer research’ as the processing reason, instead of that processing reason having to be a specific cancer research, the British government says.
The United Kingdom says that the amended law will maintain high data protection standards, while data can be shared with ‘like-minded countries’. International data transfers can also be ‘improved’ with the amended law, for example data transfers for GPS navigation, smart home and streaming services. As a result, such services can be offered more reliably, cheaper and more securely, according to the British government. The United States, Australia, South Korea and Singapore are mentioned as ‘priority countries’. The United Kingdom already said in August that it wanted to revise the GDPR.