“Britain will attempt to move away from European data protection regulations as it overhauls its privacy rules after Brexit , the government has announced. The freedom to chart its own course could lead to an end to irritating cookie popups and consent requests online, said the culture secretary, Oliver Dowden, as he called for rules based on “common sense, not box-ticking”.   But any changes will be constrained by the need to offer a new regime that the EU deems adequate, otherwise data transfers between the UK and EU could be frozen.”

“The government has sent a first signal of its intention for UK data protection laws to part company with the EU’s General Data Protection Regulation. In a Financial Times article last week, culture secretary Oliver Dowden said he would use the appointment of a new information commissioner to focus not just on privacy but on the use of data for ‘economic and social goals’.”

“Recent jurisprudence by the Court of Justice of the European Union also further crystalized the law around cookies, making it clear that consent must be actively signaled — meaning a digital service cannot infer consent to tracking by indirect actions (such as the pop-up being closed by the user without a response or ignored in favor of interacting with the service). Many websites use a so-called CMP to solicit consent to tracking cookies. But if it’s configured to contain pre-ticked boxes that opt users into sharing data by default — requiring an affirmative user action to opt out — any gathered “consent” also isn’t legal.”

“While larger brands have taken a proactive approach to achieving GDPR compliance, smaller retailers are more passive — observing the trends and waiting for precedent-setting public cases to provide more clarity on the actual financial and reputational risks of poor compliance. But now that GDPR is about to hit the one-year mark in tandem with California’s Consumer Privacy Act, a new law that will enhance privacy rights for residents of California, retailers will need to rethink their lax data protocols to avoid penalization and the risk of losing customer trust altogether.”

“noyb (a European non-profit organisation for privacy enforcement) has put the GDPR law and eight online streaming services from eight countries to the test – but no service fully complied. In eight out of eight cases, noyb has filed formal complaints with the relevant data protection authorities. All major providers engaged in “structural violation” of the GDPR law, says Max Schrems, Director of noyb.”

“GDPR has driven European retailers to cut back substantially on marketing emails but has led to a rise in their effectiveness, new research shows. A study by retail personalisation platform Nosto of its EU-based retailer customers found that the number of automated marketing emails has halved since the introduction of the legislation on 25 May of this year. The company arrived at the figure by comparing the number of emails sent in June 2018 with the number in June 2017.”