The UK government is set to banish ‘annoying’ pop-up cookie banners on websites, thanks to its new Data Reform Bill.
The Bill, detailed by the Department for Digital, Culture, Media & Sport (DCMS), means Brits will no longer have to click to close cookie alerts on every site they visit.
It will also increase financial penalties for those pestering people with nuisance calls, give researchers more flexibility to conduct ‘life-saving’ scientific research, and clamp down ‘on bureaucracy, red tape and pointless paperwork’.
Boris Johnson’s government said the aim of the Bill is to revamp the UK’s data laws for the digital age and take advantage of the UK having left the EU.
New data laws under the Bill will ‘seize the benefits of Brexit’ and free Brits from ‘cumbersome EU legislation’, government said.
Overall, it will reduce burdens on British businesses, resulting in more than £1 billion in business savings over 10 years.
A DCMS spokesperson told MailOnline that the Bill will be introduced in this session of Parliament, which started in May and is still ongoing, but there’s no ‘concrete estimate’ of when it will come into effect.
The UK government is set to banish ‘annoying’ pop-up cookie banners on websites, thanks to its new Data Reform Bill. Cookies are small files that are downloaded to your computer or mobile device when you visit a website
Currently, users have to give their consent for cookies to be collected. To do so users have to opt in to cookie collection every time they visit a new site, which swiftly becomes an irritating and repetitive experience for web users
WHAT ARE COOKIES?
Cookies are small files that are downloaded to your computer or mobile device when you visit a website.
Your browser sends these cookies back to the website every time you visit the site again, so it can recognise you. This allows websites to tailor what you see on the screen.
Cookies are not viruses, trojans, spyware, or worms or any other kind of malware. They can’t install things you don’t want on your computer.
Virtually all modern browsers allow you to see what cookies you’ve got, and to delete them individually or delete all of them.
Many browsers can also be set up to ask consent for each individual cookie before it is set. This gives you very fine control over what cookies you get, but it can slow down your browsing experience if you have to check each and every cookie.
Proposals in the Bill will replace those found in the EU’s ‘highly complex’ General Data Protection Regulation (GDPR), which came into force four years ago.
DCMS first announced plans to reshape the UK’s data legislation back in August , but details of the Data Reform Bill – which was announced in the Queen’s Speech in May – were only revealed by the department on Friday.
The proposals have been published as part of an official response to a consultation on reforming data laws in the UK.
‘Today is an important step in cementing post-Brexit Britain’s position as a science and tech superpower,’ Culture Secretary Nadine Dorries said.
‘Our new Data Reform Bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection.
‘Outside of the EU we can ensure people can control their personal data, while preventing businesses, researchers and civil society from being held back by a lack of clarity and cumbersome EU legislation.’
As part of plans for the Data Reform Bill, ministers have proposed replacing pop-up cookie alerts on websites with an opt-out system.
With such a system, Brits will set cover-all data permissions in their web browser settings, removing the need to consent to cookies on each site they visit.
Culture Secretary Nadine Dorries (pictured) said the new Data Reform Bill will make it easier for businesses and researchers ‘to unlock the power of data’
Currently, users have to give their consent for cookies to be collected. To do so users have to opt in to cookie collection every time they visit a new site, which swiftly becomes an irritating and repetitive experience for web users.
Julian David, CEO of trade body TechUK said the Bill represents a ‘welcome package of reform’ but questioned how some of the proposals would work, such as an opt-out model for cookies.
‘The reforms announced today find a good balance between making the UK’s data protection system clearer, more flexible, and more user friendly to researchers, innovators, and smaller companies,’ David said.
‘There are some outstanding questions about how exactly these reforms will work in practice – specifically, around an opt-out system for cookies and the government’s proposals for balancing tests with regards to data processing.’
TechUK said it expects the Bill to be published this summer; however, it hasn’t received any confirmation of this from DCMS.
Also under the proposals in the new Bill, fines for nuisance calls and texts will rise from the current maximum of £500,000 to either 4 per cent of global turnover or £17.5 million, whichever is greater.
The Bill will also simplify legal requirements around research so that scientists are not ‘needlessly impeded from using data to innovate and make major breakthroughs’.
‘The Data Reform Bill will more clearly define the scope of scientific research and give scientists clarity about when they can obtain user consent to collect or use data for broad research purposes,’ the government said in a statement.
Government said the aim of the Bill is to revamp the UK´s data laws for the digital age and take advantage of the UK having left the European Union
‘This removes the need for them to have the ultimate purpose of their research project finalised before collecting data.
‘For example, scientists will be able to rely on the consent a person has given for their data to be used for “cancer research” as opposed to a particular cancer study.’
What’s more, as part of government plans to cut back on data protection ‘red tape’, the Bill will remove requirements for smaller businesses to have a data protection officer (DPO) or undertake impact assessments where the data risk is low.
A DPO ensures an organisation processes personal data of its staff, customers, providers or any other individuals in compliance with data protection rules.
The Bill also proposes a restructuring of the Information Commissioner’s Office (ICO), including giving new powers to the Culture Secretary to approve ICO statutory codes and guidance.
Information Commissioner John Edwards said: ‘I am pleased to see the Government has taken our concerns about independence on board.
‘Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society.
‘The proposed changes will ensure my office can continue to operate as a trusted, fair and impartial regulator, and enable us to be more flexible and target our action in response to the greatest harms.’
WHAT IS THE EU’S GENERAL DATA PROTECTION REGULATION?
The European Union’s General Data Protection Regulation (GDPR) is a data protection law that entered into force on May 25, 2018.
It aims to strengthen and unify data protection for all individuals within the European Union (EU).
This means cracking down on how companies like Google and Facebook use and sell the data they collect on their users.
The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.
Under GDPR, companies are required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.
The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that entered into force on May 25
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
Further, the controller must provide a copy of the personal data, free of charge, in an electronic format.
This change is a dramatic shift to data transparency and empowerment of data subjects.
Under the right to be forgotten, also known as Data Erasure, are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subject withdrawing their consent.
This right requires controllers to compare the subjects’ rights to ‘the public interest in the availability of the data’ when considering such requests.