Subscribe
    Hello stranger

    Policy Briefing: UK Data Reform & AANA Children’s Advertising Code Review

    On June 23, 2022 Policy and Regulation

    GDPR update:  UK Government response to ‘Data: A new direction’ consultation

    The UK Government last week published its response to the Data: A new direction consultation which was initiated in September last year.

    Holding true to the title, the response makes it clear that post-Brexit, the UK Government is seeking to ‘reshape its approach to regulation outside of the EU’, and ‘seize opportunities with its new regulatory freedoms’.

    It notes that data is a huge strategic asset and the driving force of the world’s modern economies and makes clear the UK Government’s goal is to ‘establish the UK as the most attractive global data marketplace’, and to ‘create a framework which empowers its citizens through the responsible use of personal data’, but also ‘giving businesses the opportunity to protect personal data in the most proportionate and appropriate way’.

    The Government’s response is set out in 5 chapters and can be accessed here. While much of the detail will still need to be worked through, the general direction appears to be towards loosening existing GDPR requirements that may be impeding businesses, particularly SMEs.  Some highlights include:

    Reducing Barriers to responsible innovation

    • Introducing an (initially limited) list of legitimate interests for which organisations could use personal data without applying the balancing test usually required under law and without ‘unnecessary or inappropriate recourse to consent’. The exact list isn’t revealed in the report, but it is noted that it will include data processing for crime prevention and for important reasons of public interest. In addition, a new power will be created so that the list can be updated to include additional processing activities in future.
    • Clarifying when personal data can be reused to enable economic and societal benefit through innovation.
    • Clarifying a range of provisions in relation to scientific research, including by providing a statutory definition of ‘scientific research’, and allowing a less specific form of consent to be able to be used for purposes of scientific research.

    Support AI and machine learning

    • Amendments to enable the processing of sensitive personal data for the purpose of monitoring and correcting bias in AI systems, subject to appropriate safeguards, such as limitations on re-use and the implementation
    • Reforms to enable deployment of AI-powered automated decision-making, providing scope for innovation with appropriate safeguards in place.

    Clarification of anonymisation requirement to make it more practically workable

    • Clarification of when data is to be regarded as anonymous and therefore outside the scope of data protection legislation. The report proposes that, to avoid setting an impossibly high standard for anonymisation, the definition will clarify that:
      • when a living individual is identifiable and within the scope of the legislation, the test for identifiability is a relative one, based on the means (technologies etc) available to the data controller at a particular time; and
      • where the controller/processor knows or ought reasonably to know that passing the data to another data controller is likely to result in re-identification, taking into account the means available to the organisation.

    More flexible accountability framework

    • Provide more flexibility for organisations to show they are complying and reduce the burden on organisations, including removing the existing requirements to:
      • designate a data protection officer under Articles 37 to 39;
      • undertake data protection impact assessments under Article 35; and
      • maintain a record of processing activities under Article 30.

    In their place, the government proposes:

    • appointing a suitable senior individual to be responsible for the programme,
    • ensuring organisations implement risk assessment tools which help assess, identify and mitigate risks, and
    • a more flexible record keeping requirement.

    Less burdensome data access requests

    • Making data access requests less burdensome on organisations by amending/ lowering the current threshold to refuse subject access requests from ‘manifestly unfounded or excessive’ to ‘vexatious or excessive, to bring it in-line with FOI.

    Cookies

    • Remove the need for websites to display cookie banners to UK residents and, in the immediate term, permit cookies and similar technologies to be placed in a user’s device without explicit consent, for a small number of non-intrusive purposes – across websites, connected technology, apps on smartphones, smart TVs and other connected devices.
    • In the future the UK govt intends to move to an opt-out model of consent for cookies placed by websites – so in practice this would mean cookies would be set without seeking consent, but the website must give the web user clear information about how to opt out. This would not apply to websites likely to be accessed by children.

    Reducing barriers to data flows via more flexible ‘adequacy’ requirement

    • Taking a more flexible /risk-based approach to determining whether another jurisdiction has ‘adequate’ privacy laws in order to be able to transfer data from the UK to other jurisdictions.

    Transparency for public sector data use

    • Greater transparency for use of data in the public sector, for example, transparency of the use of algorithmic tools for decision-making.

    Reform of the Information Commissioner’s office

    • To enable the ICO to take a more risk-based and proactive approach, tackling the highest risk data processing activities, helping organisations to comply with the law from the outset and providing the office with greater enforcement powers.

    These changes will of course be important for Australia to consider in its upcoming privacy law reform process as well, to ensure that any reforms introduced here are consistent with international approaches and take into account any recent developments and lessons from overseas markets.

     

    AANA Children’s Code Review

    The AANA this week announced it is reviewing its Children’s Code, available here. Submissions will be accepted until 5 August 2022 with the revised Code expected to come into effect in 2023

    The AANA Children’s Code covers advertising of children’s products to children and is one of 5 Codes administered by the AANA under its self-regulatory model, alongside:

    • The Code of Ethics
    • The Food & Beverages Advertising Code
    • The Environmental Claims Code; and
    • The Wagering Advertising Code

    The Code applies to all advertising and marketing communications published on any medium (including online) by or on behalf of an advertiser or marketer.

    The objective of the Code is to ensure that advertisers and marketers develop and maintain a high sense of social responsibility in advertising and marketing to children in Australia.

    The current review is a periodic review to provide an opportunity to update the Code and/or accompanying practice notes to ensure they continue to be relevant and meet community standards and expectations, particularly in light of the rapid changes in the way children consume media.

    The AANA note in their media release that the low level of complaints under the Children’s Advertising Code is a positive indication that brands advertising to children are taking the rules seriously.

    Key questions posed by the review include:

    AANA Children’s Code Review – Consultation Questions

    1. Does the Children’s Code continue to meet its stated objectives? If not, why not?

    2. Do the current objectives need to be amended? If so, what are the objectives that the Children’s Code should address?

    3. Are Practice Notes helpful in assisting the interpretation of the Code? 4. Should the Children’s Code and Practice Notes continue to evolve outside of formal public reviews?

    5. Are changes required to the Children’s Code to ensure consistency with the TV Standard?

    6. Are changes required to the Children’s Code to ensure consistency with the Code of Practice?

    7. Are any changes required to the definitions in the Children’s Code? If yes, please give reasons

    8. – 23. Are any changes required to Section 2.1 – 2.15 of the Children’s Code? If yes, please give reasons.

    24. Are there any other issues, rules or standards that should be included in the Children’s Code? If so please, give details.

    25. Do you know of any other evidence-based research which could inform the evolution of the Children’s Code? If so, please give details.

    26. Do you have any additional suggestions or comments on the review of the Children’s Code

    For further information and the full list of consultation questions please see the AANA’s Discussion Paper.

    IAB Australia will be talking to the AANA to get a better understanding of any changes that are proposed during the process and will keep members updated.  If you have any concerns or feedback about the Code which you would like IAB to take into account in any discussions, please get in touch on sarah@iabaustralia.com.au

     

     

     

     

    Recommended

    Policy and Regulation

    Productivity Commission Interim Report – Harnessing data and digital technology

    Policy and Regulation

    Privacy & Automated Decision Making – Short Briefing Note

    Policy and Regulation

    Productivity Commission – Harnessing Data & Digital Technology

    Policy and Regulation

    IAB Australia ABAC – Best Practice Guides for Digital Audio

    Skip to toolbar