Impact of Changes to UK Data Privacy Laws on the Digital Media Industry

Many CCTV cameras on a wall

On 25th May 2018, the General Data Protection Regulation (GDPR) was put into effect in Europe. In the run up to this, the industry scrambled to understand the legal implications of this data protection law which replaced the previous 1995 data protection directive; a time when the digital world was a very different place. Having increased the level of strictness around data collection and its use, brands pivoted their strategies to a new reality that put limits on the approach to data and activating against it.

On 31st January 2020, the United Kingdom left the European Union, and at the end of August 2021, the UK Government announced that they would be overhauling privacy rules in a divergence from EU GDPR. In September 2021, posted an open consultation on this new direction for the UK’s data protection regime, giving the public an opportunity to submit their feedback. The consultation description of ‘Data: a new direction’[1] said the proposal’s aim, among others, was to “Maintain high data protection standards without creating unnecessary barriers to responsible data use”.

While it is packaged as minor changes to simplify the current EU policy, as you read around the detail, it becomes clear that businesses need seriously to consider their approach in light of this. While the analysis of expected impact[2] puts confusion of current policy at the centre of the need for this intervention, I would argue that after more than three years of getting to grips with EU GDPR this has the potential to confuse things further.

Impact of Privacy Laws on Cross-Regional Data Strategies

First, it poses a question around whether to factor regional nuance into existing or future data strategies. Businesses operating in Europe will need to make the decision as to whether they segment their data strategy by regional legislation to take advantage of markets with more leniency or whether to focus on one comprehensive data strategy that works to the common denominator of the strictest data privacy laws.

If businesses push to separate their data strategy at a regional level based on perceived advantage, they are likely to find their efforts diluted as one clear data strategy can prove challenging even for the more digitally mature brands. By taking a consolidated approach, brands may be limiting themselves beyond the required local legislation, but can focus on a comprehensive and more impactful strategy.

But let’s hold that thought for a moment. As well as the capability to make these adjustments to their data strategies, brands will need to consider their ethical position on this change in legislation before deciding a way forward. In the introduction to ‘Data: a new direction’ it states, “Outside of the European Union, the UK will capitalise on its independent status…’. While in his ministerial foreword, Oliver Dowden, Secretary of State for Digital Culture, Media and Sport, emphasises the need for the protection of people’s personal data to be “at the heart of our new regime”, these changes will come with a lot of cynicism on this first point from those who view this as a money making opportunity at the expense of the general public and their data.

Public Sentiment on Data Capitalisation

After more than a year of the pandemic, we are under no illusions that the government are looking to stimulate the economy, but there is also an overtone of needing to prove the value of Brexit. This is further fuelled by the media publishing headlines such as ‘UK dials up the spin on data reform, claiming ‘simplified’ rules will drive ‘responsible’ data sharing’[3] from Tech Crunch and  ‘The UK’s risky rush to cut Brussels Rules’[4], from The Financial Times. Businesses will therefore be put in the position of choosing between a moral obligation to their customers and the revenue opportunities produced by this change.

The industry needs to weigh up innovation in areas such as AI, which are championed as the direction of progress with what is best, and right, for consumers. As consumers continually expect more from the brands they interact with beyond their transactional relationship, their morality on an issue like this could quickly become part of the conversation.

In PwC’s A to Z of Tech podcast, episode ‘P for Privacy’[5], Fedelma Good, Director and co-leader of PwC UK’s Data Protection Strategy, Law and Compliance Services practice says, “at the heart of privacy is the concept of trust”.  With several large data breaches having taken place in recent years, this has never been truer and, as Good goes on to say, there is the importance of transparency and accountability from those who are collecting data. In fact, John Mitchison, Director of Policy Compliance at the Data and Marketing Association, confirms in the same podcast that 88% of people want to see more transparency of how their data is collected and used. With part of the UK proposal looking at scrapping cookie warnings, it feels like a step backwards in the spirit of transparency, rather than forward.

Prior to GDPR, it is safe to say that a large proportion of the UK population were not clear on what cookies were and what they did. With the introduction of EU GDPR, which affected businesses far beyond their marketing departments, there was a mass education on this topic at a professional level that flowed into the personal experiences of consumers. If we had not had three years of banners popping up left right and centre, directing us to accept cookies or manage our settings, consumers, too, would likely give very little thought to what was happening with their data. But now that we have come this far, the removal of these will be met with resistance, as users question why brands are giving them less transparency than before.

To counter this, the proposal cites the Deloitte 2020 report ‘Changing attitudes to data privacy’.[6] Here it concludes that consumer concern about data sharing should continue to decline. This is based on a comparison of level of concern over companies using respondents’ data from 2018 to 2020. I do not think it’s a coincidence that concern in 2018 was higher when this was the year GDPR came into effect. To get a true sense of sentiment, we would need to look prior to this to see if concern spiked during 2018 as an anomaly to the curve due to this policy. It is also interesting to consider whether concern has in fact lowered due to the transparency offered by EU GDPR. With more visible markers as to when data is collected and by whom, consumers may feel less concern, due to a greater understanding. While the report goes on to speculate that consumer understanding of data sharing may not be increasing, this is based on consumers being able correctly to identify which types of information are shared with online organisations. Just because understanding has not yet reached this level, I do not think that means that there has not been a more general increase in understanding as data security is becoming a more mainstream topic of discussion. Finally, the report concludes that users are unlikely to micro-manage their permissions for every website. We all know that we accept cookies that we would otherwise probably decline due to never-ending pop-up fatigue, but this does not directly translate into consumers not wanting this control. Although it has its own challenges, Elizabeth Denham’s, the information commissioner, suggestion that preference should be set once on their browser provides an interesting perspective of the different direction this proposal could be taking.

Any changes made to data strategy based on this proposed update to UK privacy laws should take into consideration this current sentiment of consumers and whether the perception will focus on the benefit to businesses at the expense of their customers.

What this means for Digital Transformation

Beyond this question of ethical use of data, we return to the reality of complex data strategies. There are varying levels of maturity ranging from those brands who have limited first-party data which is rarely used, or in silo, all the way to those who have a comprehensive data collection and activation strategy. For a business at any level of maturity, adding the additional complexity of regional nuance will require further data segmentation and subsequently greater operational resource. This can also negatively impact any plans for use of this data in machine learning where, famously, the more data the better.

When working on digital transformation projects, an integration of data provides the foundational layer. The value in data is the action that can be taken against it, and to take business changing action requires sophisticated measurement and decisioning capabilities. By bringing data sources together, businesses can make decisions based on the whole picture, which tends to result in not just growth, but also efficiencies. Without this holistic approach, we are unlikely to deliver an effective customer strategy as segmented data stands as a barrier to both insight and consistency in experience. With 83% of businesses in a 2018 BCG study unable to make connections across consumer touch points, and 78% unable to attribute value to touch points along the customer journey, focus should remain firmly on how to bring these elements together, rather spending time negotiating the divergence of EU and UK law.[7]

Between the crystallisation of a strong data strategy and the trust of customers, it is my opinion that businesses should avoid getting too distracted in pivoting their strategy in accordance with the leniency proposed in the change in UK legislation. To echo the opening of The Financial Times article on this topic, ‘Just because you can, does not mean you should’.

Want more like this?

Want more like this?

Insight delivered to your inbox

Keep up to date with our free email. Hand picked whitepapers and posts from our blog, as well as exclusive videos and webinar invitations keep our Users one step ahead.

By clicking 'SIGN UP', you agree to our Terms of Use and Privacy Policy

side image splash

By clicking 'SIGN UP', you agree to our Terms of Use and Privacy Policy