Browsers could face two regimes in Europe as UK law set to diverge from EU

Browsers will need to satisfy two different data regimes in Europe under UK legislation proposed to replace EU laws. The British government has promoted its approach as a way of easing the burden of cookie consent on website users, but the new law could be challenging for browser builders wanting to comply with both EU and UK …

  1. Disgusted Of Tunbridge Wells Silver badge
    Paris Hilton

    Different countries have different laws. Sometimes inside the EU too. See Belgium's ban on video game loot boxes necessitating changes in FIFA Ultimate Team.

    1. just another employee

      ..and some EU countries don't even have data protection laws compatible with EU GDPR yet..... Slovenia being case in point.

      1. Doctor Syntax Silver badge

        If they're in the EU they do have laws compatible with GDPR. They have GDPR.

        1. David Nash Silver badge

          I was going to comment but Lars has just clarified...so ignore this.

        2. Peter2 Silver badge

          This is where we get into the difference between "in theory" and "in fact". In theory, there is no difference between theory and fact. In fact, there is a difference.

          Likewise, in theory when the EU parliament makes a regulation (as opposed to a directive) then it automatically takes effect across the entire EU.

          In actual fact, most countries have their own parliaments and their own courts who feel that they, and not the EU council run their countries, and they don't implement things that don't meet the requirement of their laws.

          Slovenia, as one of the countries who "enjoyed" the Russian secret services vanishing people guaranteed privacy as part of their constitution, and I think they feel that key parts of things directly attached to their constitution get written by them. The end result is that they have gone through several drafts, but the GDPR is still not enforceable in Slovenia.

          So they don't in fact have the GDPR.

          1. Doctor Syntax Silver badge

            "Likewise, in theory when the EU parliament makes a regulation (as opposed to a directive) then it automatically takes effect across the entire EU.

            In actual fact, most countries have their own parliaments and their own courts who feel that they, and not the EU council run their countries, and they don't implement things that don't meet the requirement of their laws."

            Let me draw your attention to the fact that the Idiot Tendency in UK politics were concerned by the fact that Parliament and courts really were constrained by the EU council and didn't like it. Hence we've now got to where we are now - a government operating without adult supervision coming out with just such a mess.

            I haven't looked at the Slovenia situation but I'd expect that the EU is - I recall reading about the EU leaning on Poland for political interference with the courts. The ultimate sanction would, I suppose, be suspension of those countries from the EU as punishment.

            I think that last remark has just enlightened me as to why the UK has opted for what would otherwise be regarded as a punishment - a government run by public schoolboys.

            1. jmch Silver badge

              "The ultimate sanction would, I suppose, be suspension of those countries from the EU as punishment."

              The actual sanction that would make them pay attention is to be cut off from the EU budget, particularly for countries that are net recipients of funding. Typically speaking, the democratic laggards are net recipients.

            2. Lars Silver badge
              Happy

              @Doctor Syntax

              I agree with the "a government run by public schoolboys".

              The use of "public" in this respect in Britain is confusing for everyone else as a publicly funded school is called a "state" school. And a state school is of course publicly funded by the state.

              And in other parts of the world schools are called private schools when they publicly are not funded by the state (to 100%).

              But about countries who don't live up to what was demanded (and expected) joining the EU the EU doesn't have the "power" to just kick out a country, such laws were not included.

              In a way I think that is a bit sad but it's a lot sadder that such reasons can occur.

              As for schools, what does it tell you about a country where state schools perform less well or are assumed to perform less well than private schools.

              To me it will indicate that the country is run by an elite for the elite.

              But it could be even worse than that. In Sweden there was some enthusiasm for private schools until it became obvious that the quality and the reasons why was like with Trump University. There was not the quality expected.

              What if that happened in Britain too long ago.

              And you don't have this or that any more. Would that surprise me.

              1. jmch Silver badge

                "what does it tell you about a country where state schools perform less well or are assumed to perform less well than private schools."

                In Finland, contrary to common misconception, there are private schools... BUT they offer the same education based on the national education plan, just like public schools. Private schools get funding from the state and cannot charge fees to generate profit. Finland consistently scores in the highest places in education rankings. That is not a coincidence.

                I theorise that for some governments, investing in public education is counterproductive since they prefer the public (and therefore their electorate) to be gullible automatons who are capable of fulfilling basic tasks required by their industry but incapable of thinking for themselves.

                1. Ian Johnston Silver badge

                  Finland does very well in PISA. South Korea does just about as well, with a system as different from Finland's as it is possible to conceive. Conclusion: PISA says very little about the quality of an education system, except to people who think a single numerical score is sufficient.

            3. Peter2 Silver badge

              Let me draw your attention to the fact that the Idiot Tendency in UK politics were concerned by the fact that Parliament and courts really were constrained by the EU council and didn't like it.

              Let me draw your attention to the fact that even Germany's constitutional court has had problems with The EU violating the German Constitution by EU bodies doing things that they aren't authorised to do via treaty or law.

              1. Lars Silver badge
                Coat

                That topic is interesting but your link is two years old and the case is not settled as far as I know.

                1. Peter2 Silver badge

                  It is largely settled; the German court made a legal ruling that the EU can't break the German constitution and basically described the legal opinions coming out of the EU's supreme court as being gibberish without any foundation in law and exceeding their legal power to rule on. ("Ultra Vires") The EU courts threatened to sue Germany for this ruling which threatens the principle of the EU's ever closer union, and the German government promised:-

                  Controversially, the Commission also noted that "the German government ... commits to use all the means at its disposal to avoid, in the future, a repetition of an ‘ultra vires' finding, and take an active role in that regard."

                  So the German government has committed to try and interfere with an independent court system to prevent it from finding that EU entities are doing things that are ‘ultra vires' which is a Latin legal term basically meaning "You have exceeded your authority". The obvious issue here is that the German government is itself acting "Ultra Vires"; they can't legally commit to interfering with an independent court system under their own constitution; and especially not one which decides on what their constitution means.

                  So it's sort of temporarily over, but it won't end here. It's also worth noting simply because it's not just a handful of people in the UK that have problems with the EU overreaching; many people on the continent have these issues but until Britain left the EU were quite content letting Britain take the flak in saying "uh, no". Now Britain has left the EU other people have to stick their necks out; even in Germany which is one of the few beneficiaries of the current arrangements.

                  1. EnviableOne Silver badge

                    The German government acting in its capacity is able to change the German constitution or initiate actions to that effect, very much "Intra Vires" as in within their power.

                    This does not affect the previous decisions of the court which are and will continue to be valid under the constitution at the time, but the representatives of the German Volk can and should be able to amend the constitution applying to them.

            4. Anonymous Coward

              The ultimate sanction would, I suppose, be suspension of those countries from the EU

              I'm afraid you can't do that, Dave.

          2. gandalfcn Silver badge

            So what you're saying is that the Brexit claims about EU laws were not true?

            Shirley Knott!

      2. Lars Silver badge
        Happy

        @just another employee

        "The GDPR was adopted on 14 April 2016 and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it is directly binding and applicable, and provides flexibility for certain aspects of the regulation to be adjusted by individual member states.

        The regulation became a model for many other laws across the world, including in Turkey, Mauritius, Chile, Japan, Brazil, South Korea, South Africa, Argentina and Kenya. As of 2021 the United Kingdom retains the law in identical form despite no longer being an EU member state. The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR.".

        https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

        So it's for all EU countries but with some flexibility.

    2. wolfetone Silver badge

      "See Belgium's ban on video game loot boxes necessitating changes in FIFA Ultimate Team."

      Fair play to Belgium. It's disgusting that this form of gambling is promoted in a game where a good size of its user base are children.

      1. Yet Another Anonymous coward Silver badge

        OK so I haven't played video games since Attack Of The Mutant Camels, but how do you have a loot box in a soccer game?

        Can you buy a chest that has an invisibility cloak, healing spells and David Beckham's left foot ?

        1. Anonymous Coward

          They contain additional players, apparently.

          1. Anonymous Coward

            They contain additional players, apparently.

            and guns. Which comes to the same thing, but much! more! FUN!

        2. wolfetone Silver badge

          It ranges from things like new players that are available to your team, historic players, unique kits, power ups etc.

          Nothing physically real, although of course it takes real money to purchase them.

          1. Yet Another Anonymous coward Silver badge

            Could they argue that since it's FIFA world soccer, the bribes are for extra realism?

            1. wolfetone Silver badge

              Imagine paying for a loot crate, and you end up with Sepp Blatter and Jack Warner.

              1. TRT Silver badge

                Erm... I wish I knew what you were... aha!!!

                See that ludicrous display last night?

                What was Wenger thinking, sending Walcott on that early?

                Thing about Arsenal is, they always try and walk it in.

    3. Anonymous Coward

      You're admitting they have sovereignty?!

  2. Paul Smith

    Quo Bono?

    Exactly who is this change supposed to benefit? Lose the adequacy agreement and the UK loses access to easy data exchange with the EU, on the other hand, it means the likes of Facebook can do whatever they want with data about UK people. Cambridge Analytics MkII?

    I would suggest that someone takes a very serious look at who is lobbying whom and how much they are paying, because this stinks.

    1. Doctor Syntax Silver badge

      Re: Quo Bono?

      "Lose the adequacy agreement and the UK loses access to easy data exchange with the EU"

      In this respect it's interesting to look at the impact assessment (you can find it linked on https://bills.parliament.uk/bills/3322/publications )

      From that:

      "17. EU Adequacy decisions are adopted through a unilateral, autonomous EU process controlled and managed by the European Commission. As the UK diverges from EU GDPR, the risk that the EU revokes its Adequacy decision increases. EU Adequacy decisions do not require an ‘adequate’ country to have the same rules, and the Government’s view is that reform of UK legislation on personal data is compatible with the EU maintaining free flow of personal data from Europe."

      My emphasis; Rice-Davies applies. But it's not HMG that makes the adequacy statement, it's the EU.

      It gets wilder in para 18 which estimates the potential costs:

      "we estimate the impact of Adequacy with the EU being discontinued on top of these measures to be between £190 and £460 million in one-off SCC costs and an annual cost of between £210 and £410 million in lost export revenue when taking a micro approach to modelling. The analysis does not attempt to assign probabilities but simply estimates the impact in the event of loss of Adequacy. The trade impacts are the direct reduction in UK-EU trade and the impact may be larger when accounting for interactions with onward supply chains with trade with third countries."

      It continues with the remarkable statement:

      "As there is uncertainty in both the likelihood and timing of any decision, the impact is not included in the net present value or other measures in the summary of the IA."

      In other words we think we're OK (17) so we'll just ignore it (18).

    2. Jason Bloomberg
      Facepalm

      Re: Quo Bono?

      I would suggest that someone takes a very serious look at who is lobbying whom and how much they are paying

      There is no need for lobbying when the government and minister's ideology is "profit before people".

      Brexit was a dream of those who wanted to escape the clutches of EU regulation which limited the abuses they could indulge in, constrained their pursuit of profit. Gullible and stupid people voted "please screw us over" and that's what this government intends to deliver, claims a mandate for doing.

      1. Doctor Syntax Silver badge

        Re: Quo Bono?

        Gullible and stupid people

        They were voting for "we'll take back control" and thought that "we" included themselves.

      2. Anonymous Coward

        Re: Quo Bono?

        every reason is good to mention brexit (and bemoan it, like I always do, even more so, having been through Dover experience very, very recently). But I wouldn't subscribe to the conspiracy theory (escaping the clutches to increase profits, etc.) While I don't deny such result would be / will be / is welcome to brexiteers, I think it's giving them too much credit of sophistication and long-term planning. Methinks their goals were much more short-sighted and simple, i.e. very short-term political profit, staying in power on an easily-manageable popular sentiment.

    3. Mike 137 Silver badge

      Re: Quo Bono?

      " Lose the adequacy agreement and the UK loses access to easy data exchange with the EU"

      The US formally lost Privacy Shield but that made zero difference to the transfer of personal data from the EU and the UK to the US. Furthermore, Privacy Shield was grossly inadequate while it was recognised, and that made no difference either.

      Non-compliance with the GDPR is widespread, the problem being that it's not formally enforced by the regulators but relies on complaints. It's a perfectly adequate (if not perfect) piece of legislation in principle, but as practically everyone has ignored it since day one, it has no effective teeth.

      1. Anonymous Coward

        Re: Quo Bono?

        "Non-compliance with the GDPR is widespread, the problem being that it's not formally enforced by the regulators but relies on complaints."

        In general if you open a complaint case with the ICO then they will only investigate the use/misuse of *your* personal data, even if your complaint also highlights the misuse of the personal data of a large percentage of the population they will not look into the wider aspect.

        ICO will only investigate large scale misuse of personal data when they receive "sufficient" complaints regarding it, where "sufficient" is something they decide (likely based on whether ICO could be bothered to do anything about it).

      2. SImon Hobson Silver badge

        Re: Quo Bono?

        But on the other hand, I think it's fairly safe to assume that there will be some elements of the EU machinery who would be more than happy to find reasons to punish us for daring to leave their brave new world. Also, cutting off the USA would cause massive damage to the EU, while cutting off the UK - I suspect they would consider that a positive thing as it would probably persuade some to move their operations to the EU for an easy life.

        So USA is big enough for them to work hard to find a plausible reason to allow data transfers to carry on for another few years until the courts declare that method invalid. The UK, "who cares".

        1. codejunky Silver badge

          Re: Quo Bono?

          @SImon Hobson

          "So USA is big enough for them to work hard to find a plausible reason to allow data transfers to carry on for another few years until the courts declare that method invalid. The UK, "who cares"."

          They cared when cutting off the UK would plunge them into immediate recession. That's why their own banks were begging the EU not to do something really stupid after their bid to 'woo' the banks failed to our amusement.

          1. Anonymous Coward

            Re: Quo Bono?

            Silly Billy. You know full well that the UK is going to be the worst in Europe, financially, apart from Russia!

            It ain't the EU that's facing the recession, it's jolly old england and its dover carparks.

            https://www.newstatesman.com/chart-of-the-day/2022/04/the-uk-is-once-again-the-sick-man-of-europe

    4. Warm Braw Silver badge

      Re: Quo Bono?

      Exactly who is this change supposed to benefit?

      You need to focus on that word "supposed".

      It will not benefit anyone, no-one (outside government) has lobbied for it and no-one in government can construct a case for it in its own terms.

      However, this is merely the start of "performative divergence" - a fantastic fog obscuring the reality that the road to the sunlit uplands is jammed with parked lorries. It doesn't matter that nobody benefits. What matters is that the "supposed" benefits are through the fog, over the rainbow and beyond the horizon so the cultists are content to continue waiting for the rapture replacement bus service.

    5. Anonymous Coward

      Re: Quo Bono?

      everybody involved (and the rest) know very well, quo, and it's not you and me, nosir.

  3. wolfetone Silver badge

    Finally

    This is the brexshit I voted for.

    I found the current cookie law far too simple and one dimensional, and I was craving more bureaucracy in my work life. This, finally, scratches that itch.

    Who do I have to thank for this? I bet it's Nadine, she's a good 'un. Finger on the pulse etc.

    1. Will Godfrey Silver badge
      Unhappy

      Re: Finally

      You forgot the /s

      1. wolfetone Silver badge

        Re: Finally

        As with most of what brexshit has become, I have chosen to ignore convention and break long held rules about how to conduct business.

        1. Doctor Syntax Silver badge

          Re: Finally

          Become?

    2. Doctor Syntax Silver badge

      Re: Finally

      "I bet it's Nadine"

      It does indeed emanate from the Department of Culture media.

      1. Yet Another Anonymous coward Silver badge

        Re: Finally

        I'm torn between wanting more government and businesses tracking me online in order to protect me from the children - but I'm British and so want to be tracked by biscuits not American 'cookies' - preferably hobnobs

      2. The Bobster

        Re: Finally

        "and for some reason, also sport" #W1A

      3. Richard Pennington 1
        Facepalm

        Re: Finally

        Another reminder that Culture Media is what is used to grow bacteria.

  4. VoiceOfTruth

    The essence of this is to treat the public like crap

    Businesses, no matter how rotten and dirty they are, = good. The public, the great unwashed who didn't go to the right schools, = bad.

    The ICO is a joke anyway, and not a very funny one. It grabs a small headline about data being transferred using WhatsApp to pretend that it is doing something other than polishing chairs, but is completely silent about medical records being sold to who knows who?

    1. ITMA Bronze badge

      Re: The essence of this is to treat the public like crap

      No it isn't.

      It is so that businesses can get back to treating us how they would like to treat us - a cash crop to be harvested and sold.

      1. GNU SedGawk

        Re: The essence of this is to treat the public like crap

        The Charter City idea is going to be "interesting".

        AFAIU we go to bed with rights, and wake up without them.

        I'm hopeful to have got the wrong end of the stick https://medium.com/@cormack.lawson/charter-cities-the-real-reason-for-brexit-and-the-bigger-picture-4de80dbb69fb

        Everybody's favourite dodgy group https://www.taxpayersalliance.com/charter_cities_f1_qrrrebspo_1e_acnz6xzb7l0 seems quite keen.

        The Scottish press don't seem so keen https://www.thenational.scot/politics/20267661.rishi-sunaks-beloved-charter-cities-pose-huge-threat-democracy/

      2. Lis

        Re: The essence of this is to treat the public like crap

        "It is so that businesses can get back to treating us how they would like to treat us - a cash crop to be harvested and sold."

        When did businesses (and governments) ever not treat us as a cash crop?

    2. Greybearded old scrote Silver badge
      FAIL

      Re: The essence of this is to treat the public like crap

      They weren't completely silent, they said, "Slapped wristies, don't do it again."

    3. Anonymous Coward

      Re: The essence of this is to treat the public like crap

      > but is completely silent about medical records being sold to who knows who?

      There is no real way to hold ICO to account.

      Complaints to the Parliamentary and Health Service Ombudsman only cover whether ICO followed ICO's documented procedures, you cannot complain about any decisions ICO reached.

      The only route regarding case decisions that ICO make is to take personal legal action against ICO, something that the majority of people cannot afford.

      1. VoiceOfTruth

        Re: The essence of this is to treat the public like crap

        -> There is no real way to hold ICO to account.

        As I wrote above, they are chair polishers. Jobs for some friends of politicians. Make a noise once in a while, then go back to polishing chairs.

        1. Anonymous Coward

          Re: The essence of this is to treat the public like crap

          "Make a noise once in a while, then go back to polishing chairs."

          Rather than polishing chairs they are actually complicit in covering up/enabling Data Protection law breaking:

          https://forums.theregister.com/forum/all/2022/07/21/amazon_one_medical/#c_4499249

          1. Anonymous Coward

            Re: The essence of this is to treat the public like crap

            Just noticed this ICO25 bad-taste joke:

            https://ico.org.uk/media/about-the-ico/documents/4020926/ico25-plan-for-consultation-20221407-v1_0.pdf

            Quote:

            "...showing that it can be a ‘how to’, not a ‘don’t do’."

            That'll be "showing how to break DP Law in a way that ICO will do nothing about" rather than "don't break DP Law" I assume...

      2. ITMA Bronze badge

        Re: The essence of this is to treat the public like crap

        Also the ICO will not uphold anything which appears to be a breach of privacy under GDPR if it goes against government policy.

        A case to illustrate this - I complained to them about my energy supplier, EON (and their "agents"), keep pestering me about when I want an appointment to have a "so-called" smart meter installed. My answer has always been "NO - FUCK Off and DO NOT CONTACT ME AGAIN. You DO NOT have permission to contact me about anything other than meter readings and my bill. I do NOT give you permission for my details to be used to contact me about anything else, especially smart meters".

        However, according to the ICO, because the roll out of "so-called" smart meters is government policy, energy companies are obliged to keep pestering me until I give in and can ignore my wishes and GDPR.

        In other words, GDPR and the ICO are utter shite.

      3. Anonymous Coward

        Re: The essence of this is to treat the public like crap

        and the procedure for accessing the documented procedures is available only the 29th of February, when the Moon rises, in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’

        1. ITMA Bronze badge
          Devil

          Re: The essence of this is to treat the public like crap

          They've been moved - I've looked there LOL

  5. Detective Emil

    And nothing of value was achieved …

    [W]ebsites won't need to require users to consent to "collect information for statistical purposes" about how a website or service is used "with a view to making improvements to the website".

    Since most sites want to drop cookies associated with advertising and tracking, if the law really is written this narrowly, all those sites will still have to present consent dialogs.

    1. Doctor Syntax Silver badge

      Re: And nothing of value was achieved …

      "Since most sites want to drop cookies associated with advertising and tracking"

      Why should sites be wanting to do this instead of just doing it?

    2. Anonymous Coward

      Re: And nothing of value was achieved …

      "Since most sites want to drop cookies associated with advertising and tracking"

      I believe you are misusing English here and you intended to say "want to set cookies".

      "to drop" implies throwaway, which is the complete opposite of what most sites intend to do.

      1. Yet Another Anonymous coward Silver badge

        Re: And nothing of value was achieved …

        "to drop" implies throwaway

        Not when it comes to bombs

        1. Greybearded old scrote Silver badge
          Headmaster

          Re: And nothing of value was achieved …

          Yeah, you throw them away. You don't want them exploding where you are.

  6. Expat-Cat

    Love articles like this. Trouble is the value is immediately devalued due to a major inaccuracy. GDPR does not mandate any sort of cookie behaviour; this is covered by the ePrivacy Directive from 2002.

    If this basic point is not known, how good is the rest of the information?

    1. David Nash Silver badge

      If that's the case, why did all the cookie-permission-popups only start appearing after GDPR rather than after 2002?

      1. Ben Tasker Silver badge

        They didn't.

        What did change after GDPR was they became much more detailed - prior to it, a lot of sites (particularly UK side) chanced it with a small banner/notification that said "This site uses cookies, if you continue you consent", which was never technically compliant, but the ICO had largely signed off on it.

        GDPR made it explicitly clear that that was not sufficient.

      2. Zippy´s Sausage Factory

        Because the GDPR raised the prospect of rather large fines, the 2002 directive was toothless by comparison.

    2. Lars Silver badge
      Coat

      @Expat-Cat

      Yes you find it here:

      https://en.wikipedia.org/wiki/Privacy_and_Electronic_Communications_Directive_2002

      "There are some interplays between the ePrivacy Regulation (ePR) and the General Data Protection Regulation (GDPR). Some EU lawmakers had hoped the ePrivacy Regulation (ePR) could come into force at the same time as the General Data Protection Regulation (GDPR) in May 2018.[3] In this way, it would repeal the ePrivacy Directive 2002/58/EC and accompany the GDPR in regulating the requirements for consent to the use of cookies and opt-out options."

      1. Expat-Cat

        How the 2 sets of Directives and Regulations interact is a full and complex subject. My point was that when I see an "expert" making a number of statements but with a large factual error in the basic explanation I am not inclined to look at those statements with much belief.

        GDPR makes only one short mention of cookies, and that is to clarify that where cookies may contain private data OR may be used in any way that allows an individual to be identified, then this is private data as covered by GDPR.

  7. OhForF'

    FUD?

    >require users to consent to "collect information for statistical purposes" about how a website or service is used "with a view to making improvements to the website"<

    Collecting statistics about the site usage could be easily done server side without any cookies or scripts on the client side.

    IANAL so I might be wrong but as I understand requirements of the GDPR collecting anonymized usage statistic about the site usage would not need user content but should be covered by legitimate interest so simply having a link somewhere explaining what you're collecting for this purpose should be enough.

    I have a hard time believing this kind of usage statistic is useful and find it much less believable changing this will "remove obstacles to innovation and business".

    1. Cederic Silver badge

      Re: FUD?

      A script that tracks your mouse as it moves across the web page provides information that helps site creators understand how you view, interact with and use that page.

      That information can be used to improve the readability and usability of the page, so that more profit can be made. I mean, so that the user experience can be improved.

      You can't do that server-side.

      1. OhForF'

        Re: FUD?

        So they track my mouse movements to try and trick me into clicking on some affiliate link?

        It would explain the layout on some sites, usability can't have been on their minds when they designed those.

        1. Craig 2

          Re: FUD?

          "So they track my mouse movements to try and trick me into clicking on some affiliate link?"

          No it's more sinister than that... they track your behaviour on a website to decide where to place certain elements. It's another facet of dark design. These are changes to encourage behaviour that you think you decided wholly by yourself without external influence.

          A real-world example I read about earlier.... In France, shops with Air Conditioning have been ordered to keep their doors closed to help save energy. Why would they keep them open you think? Surely it's costing them money. But... research shows more people will just wander in an open door and once in, they can be encouraged to buy or spend.

          1. Yet Another Anonymous coward Silver badge

            Re: FUD?

            >with a view to making improvements to the website

            If we track you when you visit any competing websites we can offer you different prices and so make money and use this to pay for improvement, so it's legal right ?

            1. ArrZarr

              Re: FUD?

              This isn't practically possible.

              In essence, you'd need the competitor to implement the tracking tags on their site* for your (their competitor's) benefit.

              You could implement rules based off the referrer, but it's unlikely that Argos will willingly send a potential customer to PC World directly so you'll usually have a search engine's domain between the two.

        2. ArrZarr
          Boffin

          Re: FUD?

          No. A good marketer doesn't trick you into doing anything.

          What she does is make sure that the thing you might be tempted into buying is available on screen, preferably the bit of the screen you're looking at right now.

          On the other hand, site UX is important and uses exactly the same tools. I've implemented tags for our UX team in the past that were all about whether users were following the site's journey comfortably (think [french car brand]'s online configurator). We wanted people to buy cars, but giving people a rubbish experience while mucking about choosing options isn't conducive to actually selling somebody said car.

          Are there marketers out there who will try to trick you? Absolutely. Should consumers need to be as paranoid as they are to avoid scammers? No. Will these scammers always abuse any legitimate tool they can corrupt to their purposes? Yes. They always have done.

          The problem you're facing is that doing good UX is hard, but you only notice it when it's bad. It's not so different from maintaining the network. People will only notice when it's down and not when it's up.

          Shoutouts to the kings of utterly vehemently user unfriendly design - Google. Their search page is the only thing of theirs where the UX isn't a complete and utter disaster.

          1. Doctor Syntax Silver badge

            Re: FUD?

            If a site has a journey my journey is via the Back button.

            1. ArrZarr
              Facepalm

              Re: FUD?

              I'm impressed that you can even use the internet without clicking on any link that sends you to another page on the same domain.

              Is it like a cult where the journey of a thousand miles will never start because you won't take the first step?

      2. Spazturtle

        Re: FUD?

        You can already do that under GDPR without getting permission from the user as unless you tie it to other data it is not personally identifiable. Many websites already do this using the HTML5 Canvas API.

      3. Stork Silver badge

        Re: FUD?

        Most browsing does not involve mice, it’s done on mobile devices using fingers.

        A lot of (older) people who’ve been online for long may forget that (raising hand).

        1. SundogUK Silver badge

          Re: FUD?

          Numbers?

          1. ArrZarr

            Re: FUD?

            30/60/10 Desktop/Mobile/Tablet.

      4. Anonymous Coward

        Re: FUD?

        Tracking mouse movement in a cookie? Are you taking the piss?

      5. Anonymous Coward

        Re: FUD?

        Why the fook is my browser sending mouse events to some third party?

  8. Jedit Silver badge
    Stop

    "easing the burden of cookie consent on website users"

    Come on, just say what it means - they're going to relieve us from the trouble of refusing cookies by not giving us the chance to do so.

    1. codejunky Silver badge

      Re: "easing the burden of cookie consent on website users"

      @Jedit

      "Come on, just say what it means - they're going to relieve us from the trouble of refusing cookies by not giving us the chance to do so."

      Only if we are lucky. Since most people just hit accept but have to put up with the bureaucratic 'tick box' exercise of annoying people it would be considered an improvement. Almost like those days longed for where the internet was free of the infestations of clipboard wielders and other bansturbation fetishists.

      Do people remember the days when you could go online and go to the page you wanted to see. That it would come up and you start interacting with it. Before they littered it with an annoying banner you ignored at the bottom of the screen. Before the annoying banner people ignored had to be interacted with first. When the internet was free of most government involvement and we laughed at China for their 'great firewall'. Before organisations like the EU imposed rules that some US companies didn't bother complying with and so shutting the EU off from direct viewing.

      1. Anonymous Coward

        Re: "easing the burden of cookie consent on website users"

        The US companies that have made themselves unavailable are not able to say that their data collection policy isn't shady.

        This is like blaming the EU for stopping someone visit, because the EU has an arrest warrant out for a murder they committed.

  9. heyrick Silver badge

    "with a view to making improvements to the website"

    Oh, of course. And like "Legitimate interest", this won't ever be abused, no sir-ee...

  10. Phones Sheridan Bronze badge

    By default all UK companies should be complying with the GDPR, as it is currently enshrined in UK law, and therefore should fall under adequacy agreement. After this law passes, no changes are needed for those companies that want to continue doing business in the EU. Just continue to do what you do now, and if your customers want to continue trading with you, they will.

    Any businesses that solely want to do business in the UK, go for it, all bets are off.

    1. Doctor Syntax Silver badge

      If this law passes - and, sadly, you may be correct to say "after" - UK law may not be considered adequate for protection of data transfers from the EU. That decision will be entirely that of the EU irrespective of the Department of Culture media's hopes in para 17 of its impact statement (see my comment above).

      If the adequacy ruling is lost it doesn't matter whether some company continues to follow GDPR or not, at best it will have to jump through extra hoops AKA (standard clauses) to try to prove to EU regulators that it's compliant and even then might find that someone like Max Schrems takes action in the courts to show that the clauses don't mean anything.

  11. Doctor Syntax Silver badge

    Browsers could face two regimes in Europe the UK. Or are we ceasing to regard N Ireland as being part of the UK?

    1. Anonymous Coward

      Not sure what you are trying to say. Are you claiming that Northern Ireland still follows (EU) GDPR rather than UK GDPR?

      After Brexit NI has remained subject to *a limited set* of EU rules, none of which include Data Protection:

      https://www.consilium.europa.eu/en/policies/eu-uk-after-referendum/the-protocol-on-ireland-and-northern-ireland-explained/

    2. Strahd Ivarius Silver badge

      You know that Europeans access UK web sites?

    3. Dan 55 Silver badge

      NI is under UK GDPR.

      Data protection and data transfers on the island of Ireland after the post-Brexit transition period

      However EEA individuals which used a UK business up until the end of 2020 have and always will have their data stored under the GDPR as it was in the UK at the end of 2020.

      UK General Data Protection Regulation (UK GDPR)

      Personal data about individuals located within the EEA, which was gathered by UK businesses before 1 January 2021, will be subject to the EU GDPR as it stood on 31 December 2020. This is known as the 'frozen GDPR'.

      As soon as the UK diverges, this will be a headache for UK businesses as they will have to deal with two sets of customers: 1) pre-Brexit EEA customers and 2) post-Brexit EEA customers + all UK customers + RoW customers. Additionally post-Brexit EEA customers in the second group depend on the UK getting a favourable adequacy decision with the EU, so perhaps you could say there are three groups.

  12. Tubz

    If companies could be trusted to accept and follow a user's tracking choices based on simple global settings in the browser, then life would be simple, sad part is we know a lot of companies just ignore users' opt out and play dumb when it comes to GDPR etc, as they are normally allowed to get off with a sorry and a small slap on wrist!

    I would be more than happy to contribute to a website's stats on how it performed or what got clicked most regularly to improve design, but as it stands, I block everything at every site and customise.

    1. Flocke Kroes Silver badge

      My confidence in browsers has already reached the point where I use separate user accounts on my computer to browse different sites and I clear cookies between visits. Pays off when shopping: I get introductory offer codes when I use a clean browser that are still valid when I log in to check out.

    2. Mike 137 Silver badge

      Logs?

      "I would be more than happy to contribute to a website's stats on how it performed or what got clicked most regularly to improve design"

      You already do. Practically all this information can be extracted from local server logs.

      The rise of 'third party analytics' has been on the back of an erroneous assumption that much smarter folks than us are needed to do for us what would be beyond our tiny minds. That advantage in the case of analytics has been primarily to the analytics providers as it's given them insight into the habits, desires and manipulability of entire populations that they couldn't have got access to any other way. And site owners are actually paying them to acquire this insight.
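
Added example, not part of any commenter's post: a sketch of the cookie-free, server-side statistics that OhForF' and Mike 137 describe above, computed from access-log lines in the Combined Log Format. The host name `shop.example`, the log lines and the function name `summarise` are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
ASSET_RE = re.compile(r'\.(?:css|js|png|jpg|gif|ico|svg|woff2?)$', re.I)
SITE_HOST = "shop.example"  # assumption: the site's own host name

# Constructed sample input (documentation IP ranges, invented paths).
SAMPLE_LOG = '''
192.0.2.10 - - [18/Jul/2022:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "https://search.example/?q=kettles" "Mozilla/5.0"
192.0.2.10 - - [18/Jul/2022:10:00:02 +0000] "GET /static/site.css HTTP/1.1" 200 900 "https://shop.example/" "Mozilla/5.0"
192.0.2.10 - - [18/Jul/2022:10:00:20 +0000] "GET /products/kettle HTTP/1.1" 200 7300 "https://shop.example/" "Mozilla/5.0"
198.51.100.7 - - [18/Jul/2022:10:01:05 +0000] "GET /products/kettle HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Jul/2022:10:01:40 +0000] "GET /basket?item=42 HTTP/1.1" 200 2100 "https://shop.example/products/kettle" "Mozilla/5.0"
203.0.113.5 - - [18/Jul/2022:10:02:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Jul/2022:10:02:30 +0000] "GET /products/kettle HTTP/1.1" 200 7300 "https://shop.example/" "Mozilla/5.0"
203.0.113.5 - - [18/Jul/2022:10:02:50 +0000] "GET /old-offer HTTP/1.1" 404 310 "https://shop.example/products/kettle" "Mozilla/5.0"
not a log line
'''.strip().splitlines()


def summarise(lines, site_host=SITE_HOST):
    """Aggregate page views, on-site click paths, entry sources and errors.

    The client address and user-agent are parsed but never stored, so the
    result holds only per-page totals and no per-visitor record.
    """
    pages, transitions = Counter(), Counter()
    entry_sources, errors = Counter(), Counter()
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1          # malformed line: count it, do not guess
            continue
        path = urlsplit(m["target"]).path   # drop the query string
        status = int(m["status"])
        if status >= 400:
            errors[(status, path)] += 1     # broken links and failures
            continue
        if m["method"] != "GET" or ASSET_RE.search(path):
            continue                        # not a page view
        pages[path] += 1
        referer = m["referer"]
        if referer in ("", "-"):
            entry_sources["(direct)"] += 1
            continue
        ref = urlsplit(referer)
        if ref.hostname == site_host:
            # Same-site referer: one step of a click path through the site.
            transitions[(ref.path or "/", path)] += 1
        else:
            entry_sources[ref.hostname or "(unknown)"] += 1
    return {
        "pages": dict(pages),
        "transitions": dict(transitions),
        "entry_sources": dict(entry_sources),
        "errors": dict(errors),
        "skipped": skipped,
    }


if __name__ == "__main__":
    for name, value in summarise(SAMPLE_LOG).items():
        print(name, value)
```

What the log cannot show is in-page behaviour such as pointer movement, which is the case Cederic raises earlier in the thread.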

  13. Mike 137 Silver badge

    A total failure to understand, or maybe ...

    "The British government has promoted its approach as a way of easing the burden of cookie consent on website users"

    The 'burden of cookie consent' is a bogus artefact, entirely due to the way the consent requirement has been implemented by site publishers. What's required by current legislation is not intrinsically burdensome. But if implemented according to law in a convenient way (which is perfectly possible), it would almost certainly prevent site publishers taking advantage of cookies for surreptitious snooping.

    The law does not require a 'consent banner', it simply requires that the user has a choice. So a lawful and non-intrusive mechanism might simply be no cookies other than those strictly necessary as the default, and a link somewhere that doesn't interfere with access to the site, which, if followed voluntarily, would allow the user to agree to additional cookies. But oh dear - nobody would bother to follow the link, would they, unless their access were blocked by a bloody great intrusive banner until they do?

    What HMG seems to be doing (under the guise of failure to understand the true nature of the problem) is to open the doors to an uncontrolled cookie free-for-all (that is -- free-for-site-publisher) that removes the right of the user to keep their browsing tolerably private. This is to be expected in the context of the planned general 'deregulation', including for example the repeal of 'all EU law' -- not because it's not fit for purpose (much of it being very fit, and indeed in some cases created at the behest of the UK) but merely because it's 'European' and we aren't any longer.

    Roll on the triumph of ideology and big business greed over common sense and respect for persons.

  14. Spazturtle

    The simple solution is to make the browser preference a mandatory setting that UK users must set to use the browser, so when first opening the browser the user gets to choose if they want to be tracked or not. Then the browser can pre-notify the website of the user's tracking preferences and won't be permitted to show the popup, but for EU users who might not have configured their browser the GDPR popup is still shown.

    1. Mike 137 Silver badge

      Cookie preference settings in the browser?

      "The simple solution is to make the browser preference a mandatory setting that UK users must set to use the browser"

      That's a great idea in principle, but in practice there's no way to make it work from a technical perspective. The law defines two classes of tracker: 'cookies' (all tracking devices) that are strictly necessary for the provision of the service to the user, and other trackers. The first includes things like shopping cart lists, authentication tokens &c. without which the site cannot deliver the service, and the second includes all other purposes, without which the site would still work for the user.

      Unfortunately, that's a distinction the browser cannot discriminate -- what the purpose of the cookies is at server side. 'First party' vs. 'Third party' (which the browser can distinguish) does not meet the criterion, and there's no way the browser can reliably understand the ultimate purpose of a cookie from its content.

    2. Anonymous Coward

      You mean like the "Do Not Track" setting/HTTP header implemented in multiple browsers?

      That really worked out well didn't it?

      https://en.wikipedia.org/wiki/Do_Not_Track

      1. Spazturtle

        Websites were never legally required to follow DNT and it lacked granularity.

        1. Anonymous Coward

          Legal or not, there is no way to trust the ad companies would ever honour such a mechanism.

          All mitigations MUST be done client-side. Anything else is useless.

  15. Anonymous Coward

    About those Fortnum's shopping bags.....

    Quote: "...threaten the UK's adequacy status..."

    GDPR was always a joke. Just look at the data slurping being done by DeepMind/Google or Palantir....and tell me that GDPR and "user consent" are both being enforced!

    "Adequacy"......no......everything in the UK is for sale......Fortnum's shopping bags stuffed with cash....and even the elite are getting in on the trend!

    1. Anonymous Coward

      Re: About those Fortnum's shopping bags.....

      GDPR is not a joke.

      Maybe enforcement is poor, but the law isn't.

  16. JDPower666 Silver badge

    Started reading this and for a second thought, finally, something good from brexit, no more ruddy consent nags. Then I got to "Conservative government says it wants to make data protection law more flexible and allow data sharing with other nations"

    You never have to scratch too deep to find the real motive behind tory plans.

  17. codejunky Silver badge

    Meh

    Usual bed wetting aside as far as the UK companies go they will either comply with GDPR for EU access or if they are domestic and or rest of the world they will have slightly less restriction. This doesn't sound like some fantastic getting away from EU rules but remainers are right to point out the EU are little children who might threaten adequacy rules just as they punish NI out of spite.

    Looking at the EU in all its magnificence is anyone under the illusion they wouldn't blow another foot off to 'win'? If they did revoke adequacy the EU probably realises the UK has little reason to hold on to other regulations. And as they fear the UK being competitive if unchained by EU rules it might make them think twice.

    1. Claverhouse Silver badge

      Re: Meh

      Well at least they got rid of the British whiners; they are going to do a lot better without us.

      1. codejunky Silver badge
        Trollface

        Re: Meh

        @Claverhouse

        "Well at least they got rid of the British whiners; they are going to do a lot better without us."

        Oh damn did we keep you?

    2. Anonymous Coward

      Re: Meh

      dear oh dear, one minute you say we are all powerful and the EU will bend to our every whim, the next, you are blaming everything that goes wrong on the EU for punishing us.

      I presume you also reckon that gyms are being childish if they don't let you in after you've cancelled your membership? I guess you think they are making these rules up just to pick on you.

      The little englander exceptionalism is strong with you.

  18. Pen-y-gors

    To be fair...

    I rather like the idea of having an option in my Firefox to refuse all non-essential cookies on all sites. And make it automatic and default refuse.

    1. Greybearded old scrote Silver badge
      Thumb Up

      Re: To be fair...

      Here you go.

      It doesn't get all of them yet. And it relies on there being the cookie pop up. When they can assume consent unless you find the opt-out form behind a door marked "Beware of the Leopard" I expect it will become obsolete.

  19. Greybearded old scrote Silver badge

    If only

    What we need is an automated way to signal non-consent. We could call it something like a "Do Not Track" header.

    Oh.

  20. captain veg Silver badge

    seize

    '"We now have the opportunity to seize the benefits of Brexit" said Matt Warman, minister for media, data and digital infrastructure, introducing the Bill.'

    As opposed to seizing up the economy, the principal consequence of Brexit.

    -A.

  21. Anonymous Coward

    with a view to making improvements to the website

    more revenue from data hustling is a great incentive to make improvements to the website in order to get more revenue from data hustling to make improvements to the website in order to get more revenue from data hustling

  22. Anonymous Coward

    make data protection law more flexible

    in the same fashion as working hours and conditions have become more flexible, never mind extremely flexible wage structure. But hey, they are the government, they govern. The little people are voters, they will vote. For the tories. Again. And even if they vote for the other lot, what chance the law that's become the law by then, will have become changed by labour? After-all, labour are already as business-friendly to big business as tories. Sorry, I meant, 'as flexible as tories'.

  23. Howard Sway Silver badge

    Businesses providing browsers or publishing websites would need two very different regimes

    Or alternatively, they could decide to just stick with the one regime that they have already complied with. In Brexit Headcase Land, the rest of the world is going to put in huge amounts of expensive work to comply with the UK's new shiny different-for-the-sake-of-being-different regulations. In reality, browser makers and foreign sites aren't going to bother rewriting stuff just to serve the whims of what looks like a government in chaos in one country. Especially as they suspect that new rules won't be enforced, due to the cost of doing so, and that any attempt to enforce them can easily be beaten by simply stopping their service for UK users, and waiting for the public outcry that follows to force the government to back down.

    1. codejunky Silver badge

      Re: Businesses providing browsers or publishing websites would need two very different regimes

      "In Brexit Headcase Land, the rest of the world is going to put in huge amounts of expensive work to comply with the UK's new shiny different-for-the-sake-of-being-different regulations."

      I don't see where that is said though. Just because it will be less difficult in the UK doesn't mean they won't comply with EU regs if the EU is their market (just like all trade must meet the importing country's regs). So unless that is somehow wrong the rest of your comment is irrelevant.

      Sounds like it will mostly make things easier domestically which is why we wanted to leave the EU. As I said in an earlier comment this isn't some breakaway make our own rules brexit win just as it's not really something worth noting from the EU side. Seems fairly tame and almost pointless in my opinion.

  24. genghis_uk
    Stop

    UK Government and Internet

    Why is it that every time I see UK Gov (especially MINI-FUN), and Internet in a sentence, I just know they are messing things up?

    Government ministers are quite frankly, clueless about everything technical the internet - why do they keep trying to meddle? Mad Nad is on record thinking the internet is only 10 years old - won't someone save us from these muppets?

    1. Anonymous Coward

      Re: UK Government and Internet

      Anything IT. There's even a book "crash". I'd love to see a new edition of that. They've ****d up so much more since then.

  25. mark l 2 Silver badge

    If you are a UK SME that also deals with EU customers, are you going to bother with the time and expense to run two systems or just stick with the way you have been working for the last few years to comply with EU GDPR? So in reality I think the number of consent banners might drop a bit but not by as much as the Tories are making out.

    Of course all those big corps like Meta, Google, Amazon will be quite happy to run a specific UK system where they can start slurping your data and tracking you again.

    Either way I'm sticking with Firefox containers, uBlock Origin, and the strict tracking protection setting in my browser.

  26. Anonymous Coward

    This would be amazing

    It would be amazing if this happened. Whoever removes the need to click on anything going from website to website is a legend worldwide. This should never have happened. The level of stupidity having users have to click cookies on every website is incredible.

    None of this should have ever happened.

  27. Anonymous Coward

    Bring back session cookies

    Been a while since browsers actually removed session cookies on restart. (Or websites didn't just use infinite lifetime cookies for everything.)

    And that's probably because they (Firefox and chrome I'm looking at you) need them to survive a crash or browser update.

    They did (back in the day) just what they say. Save all the stuff that you need to work and then it goes away.

    Gone the way of "cache time". That was killed by Web developers who want everything to be "live" rather than what was there an hour ago.

    1. SundogUK Silver badge

      Re: Bring back session cookies

      Pretty much every browser I use (Pale Moon, Brave, Opera) has an option to delete all cookies when you close the browser - with an option to whitelist specific sites - so I don't really care about all this.

  28. LybsterRoy Bronze badge

    I have a suggestion - rather than passing bills to alter GDPR let's just have a bill that requires all browsers to implement "I Don't Care About Cookies" with an on/off switch.

    1. navarac

      About right. The Cookie banners on websites are getting obtrusive and very annoying. Typical EU. Thank goodness we (the UK) ditched this bureaucratic unelected nonsense. They couldn't organise covid jabs let alone anything else.

  29. Dave 15 Silver badge

    It's simple

    Make it ILLEGAL to cover more than 10% of the screen with cookie information, illegal to have 'must allow' cookies, illegal to not provide a reject all cookies and all 'legitimate interest' on the cookie notice with a single button.

    I suspect the EU will be happy to follow suit.

  30. Dave 15 Silver badge

    iBrowsers or webpages?

    I am pretty sure the fact those pathetic block the whole screen with a big accept button and allow a 3400 click system to say no to cookies is a feature of the website not the browser you use because it's the same on all browsers. The companies with websites like it should be fined hugely, banned until they have fixed it


Biting the hand that feeds IT © 1998–2022