There’s so much for direct marketing privacy professionals and practitioners to look out for in 2024.
Towards the end of last year, the ICO told us they’d written to owners of some of the UK’s most visited websites where they could see that cookie usage wasn’t compliant with the PECR. These ultimatums gave the website owners 30 days to respond.
This, after years of being fairly quiet on cookies while they (and everyone else) figure out what cookie usage and compliant consent collection means to people. The 30 days have now passed and we wait with bated breath to see what actions come out of it.
The ICO has in other areas enjoyed handing out fines under the PECR and more power to their elbow for that. Spam texts, emailing without consent and illegal marketing calls are a constant modern-day scourge and deserve all the approbation they get. Maybe the ICO wants to get a few more cases off their desk before PECR fines are brought into line with GDPR fines in the upcoming DPDI (Data Protection and Digital Information) Bill.
The DPDI bill is designed to update data protection law and is already in committee stage in the House of Lords. You could therefore be forgiven for thinking that the bill will be a law soon enough, and you might even welcome it. The bill does make it easier for UK businesses to comply with the law including clarifications on what constitutes ‘Legitimate Interests’ for instance and reducing the need for red tape and bureaucracy.
However, the government added 240 so called ‘minor amendments’ to the bill on its final day of reading in the Commons, then used its majority to push it through to the next stage. While most of these amends were indeed minor, they did contain clauses which have some privacy experts twitching in their sleep. Most notably, the Department of Work and Pensions could be allowed to freely interrogate the bank accounts of anyone claiming benefits of any sort. With half the population receiving some form of assistance, and the bill permitting the DWP to access accounts of any people connected to the claimant, I think many would like to see this clause guillotined.
Let’s hope the normally somniferous House of Lords can stir its inhabitants enough to pay close attention to this bill. With so many amends and quite a lot of media coverage, the Lords could be debating it until the next election (does anyone else feel like we’ve been in the run up to the election for years already?) which might mean it never gets passed.
This may not in fact be a terrible thing. At some point in 2024, the European Commission will be having another look at the UK-EU adequacy decision to determine if UK data protection regulation is still, well, adequate. The DPDI could potentially throw a spanner in the works here. For any of us trading with Europe this could be the one to keep a very close eye on.
With the potential end to the long running engagement between the ICO and Experian coming at some point this year, it looks like 2024 might be a very interesting year for people who care about Privacy.
