DPOInsider #24

Data protection in the UK; The latest ruling in Adtech

Oct 14, 2022

The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️

Data protection in the UK, what on earth is happening?

I previously mentioned how the second reading of the Data Protection and Digital Information Bill was delayed following the appointment of Elizabeth Truss as Prime Minister to give Ministers more time to consider the Bill.

Well, it seems that more consideration is in the works.

On 3 October 2022, at the Conservative Party Conference, the Secretary of State for Digital, Culture, Media & Sport ("DCMS"), Michelle Donelan, hinted that the Bill might be subject to change before it is reintroduced to Parliament.

We will be replacing GDPR with our own business- and consumer-friendly British data protection system

She also aimed at the GDPR by identifying the needless regulations and business-stifling elements of the current regime.

DCMS will instead be taking the best bits from others around the world to form a truly bespoke, British system of data protection.

As the Bill in its current form retains GDPR at its core, this suggests that DCMS may still intend to make significant changes to it.

But what will it look like?

This piece suggests that the UK is going it alone, wanting to simplify the current legislation.

But how exactly the government plans to simplify data protection rules under this new iteration of a post-Brexit data reform isn’t yet clear. We hear the UK government use the term simplify a lot, but as always, the devil is in the detail.

Of course, the GDPR has its critics, and it is complex. After all, it has now become a tool for helping adults drift off to sleep.

But Donelan’s talk of slashing EU red tape recirculates the same tired clichés that were being attached to the last data reform plan to try and generate domestic support.

An interesting space to watch, for sure.

The EU Adtech compliance drama continues

Johnny Ryan @johnnyryan

News: the Brussels Court of Appeal dismisses various IAB Europe procedural grounds of appeal and agrees to refer our preliminary questions to the European Court of Justice.

iccl.ieLandmark GDPR decision against “consent” spam to be heard at Europe’s highest courtThe Brussels Court of Appeal dismisses various IAB Europe procedural grounds of appeal and agrees to refer our preliminary questions to the European Court of Justice.

Yes, the Brussels court of appeal has been dismissed by a Brussels court. This means that the issue will be referred to the European Court of Justice.

What this probably means is that we can expect a landmark ruling that will affect how the machinery of adtech works in the EU.

This all boils down to the IAB Europe’s cross-industry framework that obtains content for ad tracking in the EU.

Critics have argued that the framework is just a way to work around the EU’s privacy laws.

For a full breakdown of the findings with an extensive description of the various judgements, you can check out this article.

Well worth familiarising yourself with this case if you a) an Adtech business b)operating in the EU and especially if c) you are using the IAB Europe consent framework.