Different countries have different laws. Sometimes inside the EU too. See Belgium's ban on video game loot boxes necessitating changes in FIFA Ultimate Team.
Browsers could face two regimes in Europe as UK law set to diverge from EU
Browsers will need to satisfy two different data regimes in Europe under UK legislation proposed to replace EU laws. The British government has promoted its approach as a way of easing the burden of cookie consent on website users, but the new law could be challenging for browser builders wanting to comply with both EU and UK …
COMMENTS
-
-
-
-
Monday 25th July 2022 12:05 GMT Peter2
This is where we get into the difference between "in theory" and "in fact". In theory, there is no difference between theory and fact. In fact, there is a difference.
Likewise, in theory when the EU parliament makes a regulation (as opposed to a directive) then it automatically takes effect across the entire EU.
In actual fact, most countries have their own parliaments and their own courts who feel that they, and not the EU council run their countries, and they don't implement things that don't meet the requirement of their laws.
Slovenia, as one of the countries who "enjoyed" the Russian secret services vanishing people guaranteed privacy as part of their constitution, and I think they feel that key parts of things directly attached to their constitution get written by them. The end result is that they have gone through several drafts, but the GDPR is still not enforceable in Slovenia.
So they don't in fact have the GDPR.
-
Monday 25th July 2022 12:23 GMT Doctor Syntax
"Likewise, in theory when the EU parliament makes a regulation (as opposed to a directive) then it automatically takes effect across the entire EU.
In actual fact, most countries have their own parliaments and their own courts who feel that they, and not the EU council run their countries, and they don't implement things that don't meet the requirement of their laws."
Let me draw your attention to the fact that the Idiot Tendency in UK politics were concerned by the fact that Parliament and courts really were constrained by the EU council and didn't like it. Hence we've now got to where we are now - a government operating without adult supervision coming out with just such a mess.
I haven't looked at the Slovenia situation but I'd expect that the EU is - I recall reading about the EU leaning on Poland for political interference with the courts. The ultimate sanction would, I suppose, be suspension of those countries from the EU as punishment.
I think that last remark has just enlightened me as to why the UK has opted for what would otherwise be regarded as a punishment - a government run by public schoolboys.
-
Monday 25th July 2022 13:29 GMT jmch
"The ultimate sanction would, I suppose, be suspension of those countries from the EU as punishment."
The actual sanction that would make them pay attention is to be cut off from the EU budget, particularly for countries that are net recipients of funding. Typically speaking, the democratic laggards are net recipients.
-
Monday 25th July 2022 14:45 GMT Lars
@Doctor Syntax
I agree with the "a government run by public schoolboys".
The use of "public" in this respect in Britain is confusing for everyone else as a publicly funded school is called a "state" school. And a state school is of course publicly funded by the state.
And in other parts of the world schools are called private schools when they publicly are not funded by the state (to 100%).
But about countries who don't live up to what was demanded (and expected) joining the EU the EU doesn't have the "power" to just kick out a country, such laws where not included.
In a way I think that is a bit sad but it's a lot sadder that such reasons can occure.
As for schools, what does it tell you about a country where state schools perform less well or are assumed to perform less well than private schools.
To me it will indicate that the country is run by an elite for the elite.
But it could be even worse than that. In Sweden there was some enthusiasm for private schools until it become obvious that the quality and the reasons why was like with Trump
University. There was not the quality expected.
What if that happened in Britain too long ago.
And you don't have this or that any more. Would that surprise me.
-
Monday 25th July 2022 16:10 GMT jmch
"what does it tell you about a country where state schools perform less well or are assumed to perform less well than private schools."
In Finland, contrary to common misconception, there are private schools... BUT they offer the same education based on the national education plan, just like public schools. Private schools get funding from the state and cannot charge fees to generate profit. Finland consistently scores in the highest places in education rankings. That is not a coincidence.
I theorise that for some governments, investing in public education is counterproductive since they prefer the public (and therefore their electorate) to be gullible automatons who are capable of fulfilling basic tasks required by their industry but incapable of thinking for themselves.
-
-
Monday 25th July 2022 16:39 GMT Peter2
Let me draw your attention to the fact that the Idiot Tendency in UK politics were concerned by the fact that Parliament and courts really were constrained by the EU council and didn't like it.
Let me draw your attention to the fact that even Germany's constitutional court has had problems with The EU violating the German Constitution by EU bodies doing things that they aren't authorised to do via treaty or law.
-
-
Tuesday 26th July 2022 10:21 GMT Peter2
It is largely settled; the German court made a legal ruling that the EU can't break the German constitution and basically described the legal opinions coming out of the EU's supreme court as being gibberish without any foundation in law and exceeding their legal power to rule on. ("Ultra Vires") The EU courts threatened to sue Germany for this ruling which threatens the principle of the EU's ever closer union, and the German government promised:-
Controversially, the Commission also noted that "the German government ... commits to use all the means at its disposal to avoid, in the future, a repetition of an ‘ultra vires' finding, and take an active role in that regard."
So the German government has committed to try and interfere with an independent court system to prevent it from finding that EU entities are doing things that are ‘ultra vires' which is a latin legal term basically meaning "You have exceeded your authority". The obvious issue here is that the German government is itself acting "Ultra Vires"; they can't legally commit to interfering with an independent court system under their own constitution; and especially not one which decides on what their constitution means.
So it's sort of temporarily over, but it won't end here. It's also worth noting simply because it's not just a handful of people in the UK that have problems with the EU overreaching; many people on the continent have these issues but until Britain left the EU were quite content letting Britain take the flack in saying "uh, no". Now Britain has left the EU other people have to stick their necks out; even in Germany which is one of the few beneficiaries of the current arrangements.
-
Friday 29th July 2022 16:19 GMT EnviableOne
The German government acting in its capacity is able to change the german constitution or initiate actions to that effect, very much "Intra Vires" as in within their power.
This does not affect the previous decisions of the court which are and will continue to be valid under the constitution at the time, but the representatives of the german Volk can and should be able to amend the constitution applying to them.
-
-
-
-
-
-
Monday 25th July 2022 11:44 GMT Lars
@just another employee
"The GDPR was adopted on 14 April 2016 and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it is directly binding and applicable, and provides flexibility for certain aspects of the regulation to be adjusted by individual member states.
The regulation became a model for many other laws across the world, including in Turkey, Mauritius, Chile, Japan, Brazil, South Korea, South Africa, Argentina and Kenya. As of 2021 the United Kingdom retains the law in identical form despite no longer being an EU member state. The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR.".
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
So it's for all EU countries but with some flexibility.
-
-
-
-
Monday 25th July 2022 10:41 GMT Paul Smith
Quo Bono?
Exactly who is this change supposed to benefit? Lose the adequacy agreement and the UK loses access to easy data exchange with the EU, on the other hand, it means the likes of Facebook can do whatever they want with data about UK people. Cambridge Analytics MkII?
I would suggest that someone takes a very serious look at who is lobbying whom and how much they are paying, because this stinks.
-
Monday 25th July 2022 11:39 GMT Doctor Syntax
Re: Quo Bono?
"Lose the adequacy agreement and the UK loses access to easy data exchange with the EU"
In this respect it's interesting to look at the impact assessment (you can find in linked on https://bills.parliament.uk/bills/3322/publications )
From that:
"17. EU Adequacy decisions are adopted through a unilateral, autonomous EU process controlled and managed by the European Commission. As the UK diverges from EU GDPR, the risk that the EU revokes its Adequacy decision increases. EU Adequacy decisions do not require an ‘adequate’ country to have the same rules, and the Government’s view is that reform of UK legislation on personal data is compatible with the EU maintaining free flow of personal data from Europe."
My emphasis; Rice-Davies applies. But it's not HMG that makes the adequacy statement, it's the EU.
It gets wilder in para 18 which estimates the potential costs:
"we estimate the impact of Adequacy with the EU being discontinued on top of these measures to be between £190 and £460 million in one-off SCC costs and an annual cost of between £210 and £410 million in lost export revenue when taking a micro approach to modelling. The analysis does not attempt to assign probabilities but simply estimates the impact in the event of loss of Adequacy. The trade impacts are the direct reduction in UK-EU trade and the impact may be larger when accounting for interactions with onward supply chains with trade with third countries."
It continues with the remarkable statement:
"As there is uncertainty in both the likelihood and timing of any decision, the impact is not included in the net present value or other measures in the summary of the IA."
In other words we think we're OK (17) so we'll just ignore it (18).
-
Monday 25th July 2022 11:50 GMT Jason Bloomberg
Re: Quo Bono?
I would suggest that someone takes a very serious look at who is lobbying whom and how much they are paying
There is no need for lobbying when the government and minister's ideology is "profit before people".
Brexit was a dream of those who wanted to escape the clutches of EU regulation which limited the abuses they could indulge in, constrained their pursuit of profit. Gullible and stupid people voted "please screw us over" and that's what this government intends to deliver, claims a mandate for doing.
-
-
Monday 25th July 2022 16:53 GMT Anonymous Coward
Re: Quo Bono?
every reason is good to mention brexit (and bemoan it, like I always do, even more so, having been through Dover experience very, very recently). But I wouldn't subscribe to the conspiracy theory (escaping the clutches to increase profits, etc.) While I don't deny such result would be / will be / is welcome to brexiteers, I think it's giving them too much credit of sophistication and long-term planning. Methinks their goals were much more short-sighted and simple, i.e. very short-term political profit, staying in power on an easily-manageable popular sentiment.
-
-
Monday 25th July 2022 13:36 GMT Mike 137
Re: Quo Bono?
" Lose the adequacy agreement and the UK loses access to easy data exchange with the EU"
The US formally lost Privacy Shield but that made zero difference to the transfer of personal data from the EU and the UK to the US. Furthermore, Privacy Shield was grossly inadequate while it was recognised, and that mde no difference either.
Non-compliance with the GDPR is widespread, the problem being that it's not formally enforced by the regulators but relies on complaints. It's a perfectly adequate (if not perfect) piece of legislation in principle, but as practically everyone has ignored it since day one, it has no effective teeth.
-
Monday 25th July 2022 14:42 GMT Anonymous Coward
Re: Quo Bono?
"Non-compliance with the GDPR is widespread, the problem being that it's not formally enforced by the regulators but relies on complaints."
In general if you open a complaint case with the ICO then they will only investigate the use/misuse of *your* personal data, even if your complaint also highlights the misuse of the personal data of a large percentage of the population they will not look into the wider aspect.
ICO will only investigate large scale misuse of personal data when they receive "sufficient" complaints regarding it, where "sufficient" is something they decide (likely based on whether ICO could be bothered to do anything about it).
-
Monday 25th July 2022 17:12 GMT SImon Hobson
Re: Quo Bono?
But on the other hand, I think it's fairly safe to assume that there will be some elements of the EU machinery who would be more than happy to find reasons to punish us for daring to leave their brave new world. Also, cutting off the USA would cause massive damage to the EU, while cutting off the UK - I suspect they would consider that a positive thing as it would probably persuade some to move their operations to the EU for an easy life.
So USA is big enough for them to work hard to find a plausible reason to allow data transfers to carry on for another few years until the courts declare that method invalid. The UK, "who cares".
-
Monday 25th July 2022 20:39 GMT codejunky
Re: Quo Bono?
@SImon Hobson
"So USA is big enough for them to work hard to find a plausible reason to allow data transfers to carry on for another few years until the courts declare that method invalid. The UK, "who cares"."
They cared when cutting off the UK would plunge them into immediate recession. Thats why their own banks were begging the EU not to do something really stupid after their bid to 'woo' the banks failed to our amusement.
-
Thursday 28th July 2022 12:11 GMT Anonymous Coward
Re: Quo Bono?
Silly Billy. You know full well that the UK is going to be the worst in Europe, financially, apart from Russia!
It ain't the EU that's facing the recession, it's jolly old england and its dover carparks.
https://www.newstatesman.com/chart-of-the-day/2022/04/the-uk-is-once-again-the-sick-man-of-europe
-
-
-
-
Monday 25th July 2022 14:54 GMT Warm Braw
Re: Quo Bono?
Exactly who is this change supposed to benefit?
You need to focus on that word "supposed".
It will not benefit anyone, no-one (outside government) has lobbied for it and no-one in government can construct a case for it in its own terms.
However, this is merely the start of "performative divergence" - a fantastic fog obscuring the reality that the road to the sunlit uplands is jammed with parked lorries. It doesn't matter that nobody benefits. What matters is that the "supposed" benefits are through the fog, over the rainbow and beyond the horizon so the cultists are content to continue waiting for the rapture replacement bus service.
-
-
Monday 25th July 2022 10:44 GMT wolfetone
Finally
This is the brexshit I voted for.
I found the current cookie law far to simple and one dimensional, and I was craving more bureaucracy in my work life. This, finally, scratches that itch.
Who do I have to thank for this? I bet it's Nadine, she's a good 'un. Finger on the pulse etc.
-
Monday 25th July 2022 10:46 GMT VoiceOfTruth
The essence of this is to treat the public like crap
Businesses, no matter how rotten and dirty they are, = good. The public, the great unwashed who didn't go to the right schools, = bad.
The ICO is a joke anyway, and not a very funny one. It grabs a small headline about data being transferred using WhatsApp to pretend that it is doing something other than polishing chairs, but is completely silent about medical records being sold to who knows who?
-
-
Monday 25th July 2022 13:33 GMT GNU SedGawk
Re: The essence of this is to treat the public like crap
The Charter City idea is going to be "interesting".
AFAIU we go to bed with rights, and wake up without them.
I'm hopeful to have got the wrong end of the stick https://medium.com/@cormack.lawson/charter-cities-the-real-reason-for-brexit-and-the-bigger-picture-4de80dbb69fb
Everybodies favourite dodgy group https://www.taxpayersalliance.com/charter_cities_f1_qrrrebspo_1e_acnz6xzb7l0 seems quite keen.
The Scottish press don't seem so keen https://www.thenational.scot/politics/20267661.rishi-sunaks-beloved-charter-cities-pose-huge-threat-democracy/
-
-
Monday 25th July 2022 11:49 GMT Greybearded old scrote
Re: The essence of this is to treat the public like crap
They weren't completely silent, they said, "Slapped wristies, don't do it again."
-
Monday 25th July 2022 12:19 GMT Anonymous Coward
Re: The essence of this is to treat the public like crap
> but is completely silent about medical records being sold to who knows who?
There is no real way to hold ICO to account.
Complaints to the Parliamentary and Health Service Ombudsman only cover whether ICO followed ICO's documented procedures, you cannot complain about any decisions ICO reached.
The only route regarding case decisions that ICO make is to take personal legal action against ICO, something that the majority of people cannot afford.
-
-
Monday 25th July 2022 14:57 GMT Anonymous Coward
Re: The essence of this is to treat the public like crap
"Make a noise once in a while, then go back to polishing chairs."
Rather than polishing chairs they are actually complicit in covering up/enabling Data Protection law breaking:
https://forums.theregister.com/forum/all/2022/07/21/amazon_one_medical/#c_4499249
-
Monday 25th July 2022 15:22 GMT Anonymous Coward
Re: The essence of this is to treat the public like crap
Just noticed this ICO25 bad-taste joke:
https://ico.org.uk/media/about-the-ico/documents/4020926/ico25-plan-for-consultation-20221407-v1_0.pdf
Quote:
"...showing that it can be a ‘how to’, not a ‘don’t do’."
That'll be "showing how to break DP Law in a way that ICO will do nothing about" rather than "don't break DP Law" I assume...
-
-
-
Monday 25th July 2022 14:16 GMT ITMA
Re: The essence of this is to treat the public like crap
Also the ICO will not uphold anything which appears to be a breach of privcy under GDPR if it goes against government policy.
A case to illustrate this - I complained to them about my energy supplier, EON (and their "agents"), keep pestering me about when I want an appointment to have a "so-called" smart meter installed. My answer always been "NO - FUCK Off and DO NOT CONTACT ME AGAIN. You DO NOT have permission to conctact me about anything other than meter readings and my bill. I do NOT give you permission for my details to be used to contact me about anything else, especially smart meters".
However, according to the ICO, because the roll out of "so-called" smart meters is government policy, energy companies are obliged to keep pestering me until I give in and can ignore my wishes and GDPR.
In other GDPR and the ICO are utter shite.
-
Monday 25th July 2022 14:20 GMT Anonymous Coward
Re: The essence of this is to treat the public like crap
and the procedure for accessing the documented procedures is available only the 29th of February, when the Moon rises, in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”
-
-
-
Monday 25th July 2022 11:00 GMT Detective Emil
And nothing of value was achieved …
[W]ebsites won't need to require users to consent to "collect information for statistical purposes" about how a website or service is used "with a view to making improvements to the website".
Since most sites want to drop cookies associated with advertising and tracking, if the law really is written this narrowly, all those sites will still have to present consent dialogs.
-
Monday 25th July 2022 12:23 GMT Anonymous Coward
Re: And nothing of value was achieved …
"Since most sites want to drop cookies associated with advertising and tracking"
I believe you are misusing English here and you intended to say "want to set cookies".
"to drop" implies throwaway, which is the complete opposite of what most sites intend to do.
-
-
-
Monday 25th July 2022 12:02 GMT Ben Tasker
They didn't.
What did change after GDPR was they became much more detailed - prior to it, a lot of sites (particularly UK side) chanced it with a small banner/notification that said "This site uses cookies, if you continue you consent", which was never technically compliant, but the ICO had largely signed off on it.
GDPR made it explicitly clear that that was not sufficient.
-
-
Monday 25th July 2022 12:07 GMT Lars
@Expat-Cat
Yes you find it here:
https://en.wikipedia.org/wiki/Privacy_and_Electronic_Communications_Directive_2002
"There are some interplays between the ePrivacy Regulation (ePR) and the General Data Protection Regulation (GDPR).Some EU lawmakers had hoped the ePrivacy Regulation (ePR) could come into force at the same time as the General Data Protection Regulation (GDPR) in May 2018.[3] In this way, it would repeal the ePrivacy Directive 2002/58/EC and accompany the GDPR in regulating the requirements for consent to the use of cookies and opt-out options."
-
Monday 25th July 2022 15:18 GMT Expat-Cat
How the 2 sets of Directives and Regulations interact is a full and complex subject. My point was that when I see an "expert" making a number of statements but with a large factual error in the basic explanation I am not inclined to look at those statements with much belief.
GDPR makes only one short mention of cookies, and that is to clarify that where cookies may contain private data OR may be used in any way that allows an individual to be identified, then this is private data as covered by GDPR.
-
-
-
Monday 25th July 2022 11:21 GMT OhForF'
FUD?
>require users to consent to "collect information for statistical purposes" about how a website or service is used "with a view to making improvements to the website"<
Collecting statistics about the site usage could be easily done server side without any cookies or scripts on the client side.
IANAL so i might be wrong but as i understand requirements of the GDPR collecting anonymized usage statistic about the site usage would not need user content but should be covered by legitimate interest so simply having a link somewhere explaining what you're collecting for this purpose should be enough.
I have a hard time believing this kind of usage statistic is useful and find it much less believable changing this will "remove obstacles to innovation and business".
-
Monday 25th July 2022 11:26 GMT Cederic
Re: FUD?
A script that tracks your mouse as it moves across the web page provides information that helps site creators understand how you view, interact with and use that page.
That information can be used to improve the readability and usability of the page, so that more profit can be made. I mean, so that the user experience can be improved.
You can't do that server-side.
-
-
Monday 25th July 2022 11:47 GMT Craig 2
Re: FUD?
"So they track my mouse movements to try and trick me into clicking on some affiliate link?"
No it's more sinister than that... they track your behaviour on a website to decide where to place certain elements. It's another facet of dark design. These are changes to encourage behaviour that you think you decided wholly by yourself without external influence.
A real-world example I read about earlier.... In France, shops with Air Conditioning have been ordered to keep their doors closed to help save energy. Why would they keep them open you think? Surely it's costing them money. But... research shows more people will just wander in an open door and once in, they can be encouraged to buy or spend.
-
-
Monday 25th July 2022 13:22 GMT ArrZarr
Re: FUD?
This isn't practically possible.
In essence, you'd need the competitor to implement the tracking tags on their site* for your (their competitor's) benefit.
You could implement rules based off the referrer, but it's unlikely that Argos will willingly send a potential customer to PC World directly so you'll usually have a search engine's domain between the two.
-
-
-
Monday 25th July 2022 13:17 GMT ArrZarr
Re: FUD?
No. A good marketer doesn't trick you into doing anything.
What she does is make sure that the thing you might be tempted into buying is available on screen, preferably the bit of the screen you're looking at right now.
On the other hand, site UX is important and uses exactly the same tools. I've implemented tags for our UX team in the past that were all about whether users were following the site's journey comfortably (think [french car brand]'s online configurator. We wanted people to buy cars, but giving people a rubbish experience while mucking about choosing options isn't conducive to actually selling somebody said car.
Are there marketers out there who will try to trick you? Absolutely. Should consumers need to be as paranoid as they are to avoid scammers? No. Will these scammers always abuse any legitimate tool they can corrupt to their purposes? Yes. They always have done.
The problem you're facing is that doing good UX is hard, but you only notice it when it's bad. It's not so different from maintaining the network. People will only notice when it's down and not when it's up.
Shoutouts to the kings of utterly vehemently user unfriendly design - Google. Their search page is the only thing of theirs where the UX isn't a complete and utter disaster.
-
-
-
-
-
-
-
Monday 25th July 2022 15:48 GMT codejunky
Re: "easing the burden of cookie consent on website users"
@Jedit
"Come on, just say what it means - they're going to relieve us from the trouble of refusing cookies by not giving us the chance to do so."
Only if we are lucky. Since most people just hit accept but have to put up with the bureaucratic 'tick box' exercise of annoying people it would be considered an improvement. Almost like those days longed for where the internet was free of the infestations of clipboard wielders and other bansturbation fetishists.
Do people remember the days when you could go online and go to the page you wanted to see. That it would come up and you start interacting with it. Before they littered it with an annoying banner you ignored at the bottom of the screen. Before the annoying banner people ignored had to be interacted with first. When the internet was free of most government involvement and we laughed at China for their 'great firewall'. Before organisations like the EU imposed rules that some US companies didnt bother complying with and so shutting the EU off from direct viewing.
-
Thursday 28th July 2022 12:21 GMT Anonymous Coward
Re: "easing the burden of cookie consent on website users"
The US companies that have made themselves unavailable are not able to say that their data collection policy isn't shady.
This is like blaming the EU for stopping someone visit, because the EU has an arrest warrant out for a murder they committed.
-
-
-
Monday 25th July 2022 12:27 GMT Phones Sheridan
By default all UK companies should be complying with the GDPR, as it is currently enshrined in UK law, and therefore should fall under adequacy agreement. After this law passes, no changes are needed for those companies that want to continue doing business in the EU. Just continue to do what you do now, and if your customers want to continue trading with you, they will.
Any businesses that solely want to do business in the UK, go for it, all bets are off.
-
Monday 25th July 2022 12:48 GMT Doctor Syntax
If this law passes - and, sadly, you may be correct to say "after" - UK law may not be considered adequate for protection of data transfers from the EU. That decision will be entirely that of the EU irrespective of the Department of Culture media's hopes in para 17 of its impact statement (see my comment above).
If the adequacy ruling is lost it doesn't matter whether some company continues to follow GDPR or not, at best it will have to jump through extra hoops AKA (standard clauses) to try to prove to EU regulators that it's compliant and even them might find that someone like Max Schrems takes action in the courts to show that the clauses don't mean anything.
-
-
-
Monday 25th July 2022 13:18 GMT Anonymous Coward
Not sure what you are trying to say. Are you claiming that Northern Ireland still follows (EU) GDPR rather than UK GDPR?
After Brexit NI has remained subject to *a limited set* of EU rules, none of which include Data Protection:
https://www.consilium.europa.eu/en/policies/eu-uk-after-referendum/the-protocol-on-ireland-and-northern-ireland-explained/
-
Monday 25th July 2022 14:56 GMT Dan 55
NI is under UK GDPR.
Data protection and data transfers on the island of Ireland after the post-Brexit transition period
However EEA individuals which used a UK business up until the end of 2020 have and always will have their data stored under the GDPR as it was in the UK the end of 2020.
UK General Data Protection Regulation (UK GDPR)
Personal data about individuals located within the EEA, which was gathered by UK businesses before 1 January 2021, will be subject to the EU GDPR as it stood on 31 December 2020. This is known as the 'frozen GDPR'.
As soon as the UK diverges, this will be a headache for UK businesses as they will have to deal with two sets of customers: 1) pre-Brexit EEA customers and 2) post-Brexit EEA customers + all UK customers + RoW customers. Additionally post-Brexit EEA customers in the second group depend on the UK getting a favourable adequacy decision with the EU, so perhaps you could say there are three groups.
-
-
Monday 25th July 2022 12:57 GMT Tubz
If companies could be trusted to accept and follow a users tracking choices based on simple global settings in the browser, then life would be simple, sad part is we know a lot of companies just ignore users opt out and play dumb when it come to GDPR etc, as they normally allowed to get off with a sorry and a small slap on wrist !
I would be more than happy to contribute to a websites stats on how it performed or what got clicked most regularly to improve design, but as it stands, I block everything at every site and customise.
-
Monday 25th July 2022 13:11 GMT Flocke Kroes
My confidence in browsers has already reached the point where I use separate user accounts on my computer to browse different sites and I clear cookies between visits. Pays off when shopping: I get introductory offer codes when I use a clean browser that are still valid when I log in to check out.
-
Monday 25th July 2022 13:53 GMT Mike 137
Logs?
"I would be more than happy to contribute to a websites stats on how it performed or what got clicked most regularly to improve design"
You already do. Practically all this information can be extracted from local server logs.
The rise of 'third party analytics' has been on the back of an erroneous assumption that much smarter folks than us are needed to do for us what would be beyond our tiny minds. That advantage in the case of analytics has been primarily to the analytics providers as it's given them insight into the habits, desires and manipulability of entire populations that they couldn't have got access to any other way. And site owners are actually paying them to acquire this insight.
-
-
Monday 25th July 2022 13:28 GMT Mike 137
A total failure to uinderstand, or maybe ...
"The British government has promoted its approach as a way of easing the burden of cookie consent on website users"
The 'burden of cookie consent' is a bogus artefact, entirely due to the way the consent requirement has been implemented by site publishers. What's required by current legislation is not intrinsically burdensome. But if implemented according to law in a convenient way (which is perfectly possible), it would almost certainly prevent site publishers taking advantage of cookies for surreptitious snooping.
The law does not require a 'consent banner', it simply requires that the user has a choice. So a lawful and non-intrusive mechanism might simply be no cookies other than those strictly necessary as the default, and a link somewhere that doesn't interfere with access to the site, which, if followed voluntarily, would allow the user to agree to additional cookies. But oh dear - nobody would bother to follow the link, would they, unless their access were blocked by a bloody great intrusive banner until they do?
What HMG seems to be doing (under the guise of failure to understand the true nature of the problem) is to open the doors to an uncontrolled cookie free-for-all (that is -- free-for-site-publisher) that removes the right of the user to keep their browsing tolerably private. This is to be expected in the context of the planned general 'deregulation', including for example the repeal of 'all EU law' -- not because it's not fit for purpose (much of it being very fit, and indeed in some cases created at the behest of the UK) but merely because it's 'European' and we aren't any longer.
Roll on the triumph of ideology and big business greed over common sense and respect for persons.
-
Monday 25th July 2022 13:33 GMT Spazturtle
The simple solution is to make the browser preference a mandatory setting that UK users must set to use the browser, so when first opening the browser the use gets to choose if they want to be tracked or not. Then the browser can pre-notify the website of the user's tracking preferences and won't be permitted to show the popup, but for EU users who might not have configured their browser the GDPR popup is still shown.
-
Monday 25th July 2022 13:45 GMT Mike 137
Cookie preference settings in the browser?
"The simple solution is to make the browser preference a mandatory setting that UK users must set to use the browser"
That's a great idea in principle, but in practice there's no way to make it work from a technical perspective. The law defines two classes of tracker: 'cookies (all tracking devices) that are strictly necessary for the provision of the service to the user, and other trackers. The first includes things like shopping cart lists, authentication tokens &c. without which the site cannot deliver the service, and second includes all other purposes, without which the site would still work for the user.
Unfortunately, that's a distinction the browser cannot discriminate -- what the purpose of the cookies is at server side. 'First party' vs. 'Third party' (which the browser can distinguish) does not meet the criterion, and there's no way the browser can reliably understand the ultimate purpose of a cookie from its content.
-
-
Monday 25th July 2022 14:00 GMT Anonymous Coward
About those Fortnum's shopping bags.....
Quote: "...threaten the UK's adequacy status..."
GDPR was always a joke. Just look at the data slurping being done by DeepMind/Google or Palantir....and tell me that GDPR and "user consent" are both being enforced!
"Adequacy"......no......everything in the UK is for sale......Fortnum's shopping bags stuffed with cash....and even the elite are getting in on the trend!
-
Monday 25th July 2022 15:55 GMT JDPower666
Started reading this and for a second thought, finally, something good from brexit, no more ruddy consent nags. Then I got to "Conservative government says it wants to make data protection law more flexible and allow data sharing with other nations"
You never have to scratch to deep to find the real motive behind tory plans.
-
Monday 25th July 2022 15:56 GMT codejunky
Meh
Usual bed wetting aside as far as the UK companies go they will either comply with GDPR for EU access or if they are domestic and or rest of the world they will have slightly less restriction. This doesnt sound like some fantastic getting away from EU rules but remainers are right to point out the EU are little children who might threaten adequacy rules just as they punish NI out of spite.
Looking at the EU in all its magnificence is anyone under the illusion they wouldnt blow another foot off to 'win'? If they did revoke adequacy the EU probably realises the UK has little reason to hold on to other regulations. And as they fear the UK being competitive if unchained by EU rules it might make them think twice.
-
Thursday 28th July 2022 12:34 GMT Anonymous Coward
Re: Meh
dear oh dear, one minute you say we are all powerful and the EU will bend to our every whim, the next, you are blaming everything that goes wrong on the EU for punishing us.
I presume you also reckon that gyms are being childish if they don't let you in after you've cancelled your membership? I guess you think they are making these rules up just to pick on you.
The little englander exceptionalism is strong with you.
-
-
Monday 25th July 2022 16:06 GMT Greybearded old scrote
Re: To be fair...
It doesn't get all of them yet. And it relies on there being the cookie pop up. When they can assume consent unless you find the opt-out form behind a door marked "Beware of the Leopard" I expect it will become obsolete.
-
-
Monday 25th July 2022 16:41 GMT Anonymous Coward
make data protection law more flexible
in the same fashion as working hours and conditions have become more flexible, never mind extremely flexible wage structure. But hey, they are the government, they govern. The little people are voters, they will vote. For the tories. Again. And even if they vote for the other lot, what chance the law that's become the law by then, will have become changed by labour? After-all, labour are already as business-friendly to big business as tories. Sorry, I meant, 'as flexible as tories'.
-
Monday 25th July 2022 17:30 GMT Howard Sway
Businesses providing browsers or publishing websites would need two very different regimes
Or alternatively, they could decide to just stick with the one regime that they have already complied with. In Brexit Headcase Land, the rest of the world is going to put in huge amounts of expensive work to comply with the UK's new shiny different-for-the-sake-of-being-different regulations. In reality, browser makers and foreign sites aren't going to bother rewriting stuff just to serve the whims of what looks like a government in chaos in one country. Especially as they suspect that new rules won't be enforced, due to the cost of doing so, and that any attempt to enforce them can easily be beaten by simply stopping their service for UK users, and waiting for the public outcry that follows to force the government to back down.
-
Monday 25th July 2022 20:44 GMT codejunky
Re: Businesses providing browsers or publishing websites would need two very different regimes
"In Brexit Headcase Land, the rest of the world is going to put in huge amounts of expensive work to comply with the UK's new shiny different-for-the-sake-of-being-different regulations."
I dont see where that is said though. Just because it will be less difficult in the UK doesnt mean they wont comply with EU regs if the EU is their market (just like all trade must meet the importing countries regs). So unless that is somehow wrong the rest of your comment is irrelevant.
Sounds like it will mostly make things easier domestically which is why we wanted to leave the EU. As I said in an earlier comment this isnt some breakaway make our own rules brexit win just as its not really something worth noting from the EU side. Seems fairly tame and almost pointless in my opinion.
-
-
Monday 25th July 2022 18:04 GMT genghis_uk
UK Government and Internet
Why is it that every time I see UK Gov (especially MINI-FUN), and Internet in a sentence, I just know they are messing things up?
Government ministers are quite frankly, clueless about
everything technicalthe internet - why do they keep trying to meddle? Mad Nad is on record thinking the internet is only 10 years old - won't someone save us from these muppets? -
Monday 25th July 2022 19:36 GMT mark l 2
If you are a UK SME that also deals with EU customers, are you going to bother with the time and expense to run two systems or just stick with the way you have been working for the last few years to comply with EU GDPR? So in reality I think the number of consent banners might drop a bit but not by as much as the Tories are making out.
Of course all those big corps like Meta, Google, Amazon will be quite happy to run a specific UK system where they can start slurping your data and tracking you again.
Either way im stick with Firefox containers, Ublock origin, and the strict tracking protection setting in my browser.
-
Monday 25th July 2022 20:37 GMT Anonymous Coward
This would be amazing
It would be amazing if this happened. Whoever removes the need to click on anything going from website to website is a legend worldwide. This should never have happened. The level of stupidity having users have to click cookies on every website is incredible.
None of this should have ever happened.
-
Monday 25th July 2022 22:18 GMT Anonymous Coward
Bring back session cookies
Been a while since browsers actual removed session cookies on restart. (Or websites didn't just use infinite lifetime cookies for everything.)
And that's probably because they (Firefox and chrome I'm looking at you) need them to survive a crash or browser update.
They did (back in the day) just what they say. Save all the stuff that you need to work and then it goes away.
Gone the way of "cache time". That killed was by Web developers who want everything to be "live" rather than what was there an hour ago.
-
Tuesday 2nd August 2022 17:37 GMT Dave 15
Its simple
Make it ILLEGAL to cover more than 10% of the screen with cookie information, illegal to have 'must allow' cookies, illegal to not provide a reject all cookies and all 'legitimate interest' on the cookie notice with a single button.
I suspect the EU will be happy to follow suit.
-
Tuesday 2nd August 2022 17:41 GMT Dave 15
iBrowsers or webpages?
I am pretty sure the fact those pathetic block the whole screen with a bit accept button and allow a 3400 click system to say no to cookies is a feature of the website not the browser you use because its the same on all browsers. The companies with websites like it should be fined hugely, banned until they have fixed ti