Less cookies, more choice

An interesting takeaway from the Information Commissioner’s Office (ICO) in 2023, is that their most common investigation is into firms who have sent emails in error and particularly in the healthcare sector. 

Clearly then, regularly reviewing your customer list / CRM remains important.  It remains important to ensure you have up-to-date correct contact details for your customers, not old data lurking for years.  You need to have express consent from data subjects to hold their personal data, or legitimate interest where applicable, and best practice is to ask each customer every year if consent continues to be given.

Finally – do not forget to seek consent for specific uses, which are not vague.  The more clearly you communicate your grounds for processing, the more informed is the customer consent.

The Data Protection and Digital Information Bill had its first reading in May of this year 2023, and is intended to make everyday life better for people in two clear ways:

• reducing cookie pop-ups.  That sounds sensible, given the pace we wish to move about the internet and efficiencies with those pop-ups should be found,
• bigger fines for nuisance calls and nuisance texts.  Likely fines of £500,000 to £17.5 million or 4 % of global turnover in the case of the worst examples of nuisance calling and nuisance texting.

Another area to keep in mind, is the growing movement to give customers (“data subjects”) more control and choice in the realm of data protection – i.e. more customisation of preferences.

The ICO continues to work with government and industry to encourage companies to continuously improve the ways consumers can set data preferences effectively and readily – in the interests of increasing fair use of personal data.

Too often, the pop-up banner presents one option ‘Accept all’ (cookies), when arguably best practice is a wider array of options – all equally quick and easy to select – including ‘Reject all’.

Disclaimer

Any and all blogs by Board Originator Ltd and any of its employees are for interest of the readership only.  We do not endorse any news or information we may publish in our blog.  Our blog is not intended to and does not constitute legal or professional advice to any person or corporation.  Our posts are general alerts or updates to topics that may interest our followers and consist of a brief overview therefore are incomplete on information and may contain errors at any time.  Readers are not to rely on our blog content and those that do rely, do so at their own risk.  We accept no responsibility to readers for our blog and we will not be held liable for statements in or third party links within our blogs.  Any common law liability is also excluded as permitted by law.  We do not accept any liability for damages whether direct, indirect, special, consequential or otherwise under any circumstances, whether foreseeable or otherwise.  Please also see our extensive website terms and conditions in the footer of our website.