The UK government’s draft Data Bill that may give platforms an exception to use third-party cookies for analytics and other website monitoring purposes without seeking users’ explicit consent could be an “inspiration” for EU lawmakers, a former UK government official told MLex. The EU is seeking to lessen the regulatory burden on small companies.
The UK government’s draft Data Bill that may give platforms an exception to use third-party cookies for analytics and other website monitoring purposes without seeking users’ explicit consent could be an “inspiration” for EU lawmakers, a former UK government official told MLex.Joe Jones, the IAPP’s director of research and insights, said that the UK proposals are likely to be closely examined when the EU begins its “simplification” review of the General Data Protection Regulation. The EU is seeking to lessen the regulatory burden on small companies (see here).
“I think that is likely to be one of those proposals that, in today's environment, the EU will look at with some inspiration, rather than as a threat, as part of simplification,” he told MLex in an interview at the IAPP’s annual conference* in Washington.
Jones, who served as the deputy director for international data transfers with the UK government, said that the former Conservative government’s proposals for the Data (Use and Access) Bill included several important measures to lift burdens on small businesses.
These changes included removing the requirement to have a Data Protection Officer — who ensures GDPR compliance — for smaller businesses, removing data protection impact assessments unless it's for high-risk processing, and removing records of processing agreement requirements for very small businesses.
Jones said those proposals were dropped by the Labour government, but they are the type of plans that the commission would examine closely.
The UK Information Commissioner’s Office has pledged to relax parts of the Privacy and Electronic Communications Regulations, with further amendments beyond those set out in the Data (Use and Access) Bill, as part of a series of pro-growth commitments (see here).
The exceptions to the requirement for consent for certain types of cookies, particularly those used for analytics or to enhance user experience, have been included in the Data (Use and Access) Bill.
“We are aware that there are forms of online advertising that need to use people's data, not for intrusive behavioral targeting, but actually for simple things, like to measure whether or not an ad has been viewed,” Stephen Almond, the ICO’s director of technology and innovation, told MLex in an interview.
Under the EU e-Privacy Directive, websites must seek users’ explicit consent for the processing of personal data for cookies. This rule applies to all cookies, including analytical cookies, and usually takes the form of cookie-consent banners.
The EU has tried to reform these rules, but earlier this year, the European Commission abandoned the draft e-Privacy Regulation. The EU executive is now considering measures to address cookies in potential new legislation.
Almond said that seeking users’ consent for analytical cookies is “heavy-handed.” The regulator will signal to companies that it won’t enforce consent rules for these kinds of cookies, he said.
“Our hope is that this will actually tilt the tables such that organizations who really want to do the right thing in terms of respecting people's privacy have got a viable model for deploying online advertising without having to gather consent,” he said.
The ICO is working “very closely” with the UK Government to include these exceptions in the Data (Use and Access) Bill, he said.
* IAPP Global Privacy Summit 2025, Washington, DC, April 22-24, 2025.
Please email editors@mlex.com to contact the editorial staff regarding this story, or to submit the names of lawyers and advisers.