In the first of a series of articles, Decision Marketing looks back over the past 12 months – and forward to 2025 – to gauge the progress of a number of seemingly immortal issues facing every marketer and their agencies to try to determine what will happen in the year ahead.
Perhaps unusually, we start our take on the UK Government’s data privacy reforms six months into the year, when it was revealed that the long-awaited Data Protection & Digital Information Bill had fallen victim to the then Prime Minister Rishi Sunak’s decision to call the General Election on July 4, with the reforms sinking without trace.
And, while privacy organisations welcomed the move, it triggered a call from industry body the DMA for the Government and Opposition parties to join together to pass the Bill before the election. However, this too fell by the wayside.
It was back in August 2021 that plans for new legislation were first aired, with then Digital Secretary Oliver Dowden insisting: “Now that we have left the EU I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK.
“It means reforming our own data laws so that they’re based on common sense, not box-ticking. And it means having the leadership in place at the ICO to pursue a new era of data-driven growth and innovation.”
Even so, the main elements of the reforms lent heavily on the EU’s GDPR, which had changed its name to UK GDPR following Brexit, although there were bigger fines for rogue telemarketers, a soft-opt in for charity emails, relaxing the online cookies law and a shake-up of the Information Commissioner’s Office.
However, the real issue came on the third reading of the Bill in the House of Commons in November 2023 when the Government introduced and then waved through an unprecedented 240 last-minute amendments.
This led to huge delays in the House of Lords, where peers were forced to do the line-by-line scrutiny of the changes, with the most controversial being new DWP powers to spy on bank accounts of benefit claimants to fight fraud.
Then came the general election, resulting in a new Labour Government, which soon vowed to re-introduce the legislation, albeit with a few crucial tweaks.
These carried little truck with privacy campaigners, however, who warned that certain elements could erode consumers’ data rights and wreck the neutrality of the UK Information Commissioner’s Office.
Out had gone the Data Protection & Digital Information Bill and in came the distinctively dull sounding Data (Use & Access) Bill, which had its first reading in the House of Lords at the end of October. Most of the original measures for marketers appeared to be still in place.
However, while DPDI Bill was claimed to be business friendly, slashing “red tape” and saving firms a claimed £4.7bn over ten years, the DUA Bill seemed more focused on the public sector. Labour claimed that, with the tweaks, the new Bill would “free up millions of police and NHS staff hours” as well as “boost the UK economy by £10bn”. Once again, exact details on how this would be achieved were sketchy at best.
Within hours, the DMA was publicly backing the new Bill – despite details about how it would affect the data-driven marketing industry being thin on the ground – insisting the trade body had “always been committed to getting the balance right between protecting privacy and promoting innovation”.
At the time, DMA chief executive Chris Combemale maintained the proposed legislation built on principles that had cross-party consensus over the past three years, while maintaining high levels of data protection and reducing concerns around data adequacy.
Publishers also rejoiced, and led by the PPA, breathed a collective huge sigh of relief after a previously tabled proposal on online cookies – which could have wiped out millions of pounds in revenue – was scrapped.
PPA chief executive Sajeeda Merali said: “We fully support data protection measures that allow businesses to flourish and consumer protection and will continue to work closely with the Government as this Bill progresses to ensure our members can deliver a quality product to audiences in a way they want it.”
However, the Open Rights Group maintained the new Bill was simply a “rehash” of the DPDI proposals that failed to make it through the Parliamentary process before the July general election – and just as damaging.
Legal and policy officer Mariano delli Santi said: “Strong data protection laws are an essential line of defence against harmful AI and automated decision making (ADM) systems which can be used to make life-changing decisions.
“The Data (Use & Access) Bill weakens our rights and gives companies and organisations more powers to use automated decisions. This is of particular concern in areas of policing, welfare and immigration where life-changing decisions could be made without human review.”
Even a House of Lords committee rifled off a stern warning to ministers, insisting the changes could jeopardise the EU data adequacy agreement – estimated to be worth up to £161bn a year to the economy – amid fresh claims that the proposals will also “set the UK years behind our international partners” on data rights.
While many backed the new Bill, the cross-party House of Lords European Affairs Committee said it was concerned about how the legislation would go down in Brussels.
Then, suddenly, the DMA had a change of heart, having initially welcomed the Bill, it emerged that the soft opt-in clause contained in the predecessor – the DPDI Bill – had been scrapped.
Late last month, the industry body joined forces with Salocin Group agency Wood for Trees and nearly 20 leading UK charities to call on the Government to reinstate the clause for email marketing for the third sector, amid claims the U-turn could benefit charities to the tune of £290m a year.
Although the DMA insists it continues to be highly supportive of the Bill, an amendment has now been tabled in the Lords; the Government’s official stance has not been disclosed.
Peers have already put forward over 200 amendments to the Bill on subjects including cyber resilience, the accountability of digital verification services, and supporting digital inclusion, and line by line scrutiny is by its very nature a slow process.
It would appear unlikely that the white smoke will emerge from the Parliamentary chimney any time soon. But, you never know, those data reforms which have already been four years in the making, might, just might, finally emerge in the year ahead, and marketers should get a clearer picture of the challenges they face in getting compliant.
Whether the new laws will still be relevant, given the pace of technological change, is another matter. And that could open up a whole new can of worms…
