The Information Commissioner’s Office is considering relaxing the consent requirements that cover online cookies, text, email marketing and telemarketing as part of the Government’s drive to cut red tape and kick-start growth.
The ICO claims the review of the Privacy & Electronics Communications Regulations (PECR) will “enable a shift towards privacy-preserving online advertising models”, although exact details are thin on the ground.
Over the past year, the ICO has issued 16 fines, totalling £1,667,500, for breaches of PECR, and, while many of these were for rogue telemarking activities, they also include action against firms for cookie violations.
The PECR shake-up is one of a host of measures proposed by the ICO following a meeting of top regulator bosses held by Chancellor Rachel Reeves in Downing Street yesterday (Monday) at which she revealed an “Action Plan” designed to make it easier to do business in the UK and cut administration costs for firms by a quarter.
The Government claims the plan – which includes 60 growth-boosting measures from UK watchdogs – will save businesses across the country “billions of pounds” by cutting the number of regulators, streamlining their core legal duties and cracking down on complexity in the regulatory system.
The new measures are in addition to proposals contained in the new Data (Use & Access) Bill, which is currently going through Parliament.
In a statement, the ICO said: “All profitable digital advertising requires user consent under PECR, even where some activities, delivered in certain ways, can have minimal privacy impact. Because behavioural advertising, which involves tracking and profiling users, is considered to be most profitable, there is no incentive for businesses to adopt less intrusive advertising techniques as the same regulatory burden applies in all cases.”
To address this, the ICO says it will develop a position on the processing activities “critical for delivering and measuring privacy-preserving advertising” and assess their regulatory status under PECR where the “PECR consent requirements could be relaxed.”
This autumn, the ICO will publish a statement identifying low-risk advertising activities which in its view are unlikely to cause harm or trigger enforcement action. It insists it will consider safeguards it would expect to reduce risks to users and devices. The aim is to provide legal clarity for businesses while safeguarding user privacy, the regulator said.
It added: “This work will support the Government in developing planned secondary legislation to amend PECR consent requirements, creating an exemption for specific low-risk advertising purposes. This would make privacy-friendly advertising models more commercially viable, boosting business growth while enhancing consumer privacy.”
In addition, the ICO will publish a free data essentials training programme for small businesses, supporting them to “leverage the power of personal data and strengthen customer trust”. It maintains this will help firms save at least £9.1m over three years.
It has also committed to introduce simpler guidance for businesses developing or deploying AI, ensuring clarity of what the data protection law. This, it claims, will enable organisations to unleash the opportunities of this technology while still safeguarding people’s personal data.
The new framework will guide AI adoption in both private and public sectors, fostering technological advancement and public trust. The ICO says it will further support the Government in embedding these regulations into a statutory code of practice, “ensuring lasting certainty for AI-driven growth”.
Finally, the regulator will publish new guidance on international transfers of data, which underpin around 40% of UK exports and 20% of imports, in a move designed at making it easier for UK businesses to access new markets and partners.
Information Commissioner John Edwards said: “Personal data powers our economy, from retail to hospitality to healthcare. Unlocking the potential of this data is key to encouraging economic growth and investment – as long as the public can trust it will be appropriately protected.
“There’s a responsibility on all regulators to create an environment where businesses can flourish, particularly for the ICO as a whole economy regulator.
“We’ve already helped tens of thousands of businesses and we’re providing the regulatory certainty and support that they need to safely innovate.”
Related stories
ICO set to expand ‘less is best’ regime to fuel UK growth
Charities eye £290m boost after Data Bill amendment
Big issues to tackle in 2025: What’s the cost of privacy?
PPA relief as data reforms axe online cookies crackdown
DMA throws weight behind new Data (Use & Access) Bill
Govt resurrects data reforms but industry awaits detail
