The Drum Awards for Marketing - Extended Entry Deadline

-d -h -min -sec

Digital Transformation Adtech Data & Privacy

Marketers respond to the DPDI bill – the UK’s deviation from GDPR


By Chris Sutcliffe | Senior reporter

March 8, 2023 | 7 min read

The Data Protection & Digital Information Bill has returned to parliament. The Drum explores how it could affect the ability of marketers and platforms to process data.

The UK parliament viewed from across the Thames

The changes reflect marketers’ frustrations with aspects of GDPR

The key parts of the bill refer to both data processing and a potential simplification of rules regarding cookie opt-ins at a consumer level. The changes have been suggested by a steering group that includes the Data and Marketing Association (DMA), with a focus on ensuring that consumer privacy is respected while also streamlining the ability of marketers to collect data.

Chris Combemale, CEO of the DMA UK which has collaborated with the government on the development of the Data Protection and Digital Information Bill (DPDI), said: We are confident that the bill should act as a catalyst for innovation and growth while maintaining robust privacy protections across the UK - an essential balance which will build consumer trust in the digital economy.”

For brands in the digital space, the key components of the bill are greater clarity offered on what constitutes a legitimate interest (something many marketers want to broaden), and an expanded range of exemptions to consent for cookies. This has been the mooted solution to the need to get user consent and was Meta’s chosen mechanism for protesting its latest EU fine.

Christie Dennehy-Neil, head of policy and regulatory affairs, said that the bill is still a half-measure: “As the Data Protection and Digital Information Bill returns to Parliament, we urge the government to seize the opportunity it creates to improve people’s online experience by extending cookie consent exemptions to advertising measurement and analytics, which are necessary, non-intrusive functions.

“This would achieve the risk-based and proportionate approach to cookie consent that the government wants. In its current form, the bill doesn’t make the most of this opportunity for meaningful change.”

The IAB also urges the government to extend the remit of the bill to ‘protect the viability of the ad-funded business model our open web relies on’.

Konrad Shek, director of policy research for the Advertising Association, said that there is still clarity required on some issues related to non-intrusive cookies:

“The Advertising Association broadly welcomes the introduction of the new version of the DPDI Bill and what has been achieved to date, with the added clarity to the use of legitimate interest, especially with regard to direct marketing; the inclusion of commercial research under research provisions; and reduction of overall paper requirements. We hope there will be further opportunities to amend the Bill, particularly in areas linked to non-intrusive cookies, such as increased clarity and flexibility over audience measurement and for ad performance.”

Deviation and overcorrection

Cadi Jones is an industry practitioner. She believes the expanded range of exemptions to consent for cookies “could be very interesting for e-commerce companies”.

"Not all direct-to-consumer, digital-first brands are moving towards ‘retail media solutions’ [and] many do not carry ads. However, most have developed advanced techniques for retaining their customer base and maximizing revenues from these users. They will certainly welcome these exemptions.”

She warns brands that operate internationally of “additional complexities”.

Husna Grimes is VP global privacy at Permutive. She broadly welcomes the aims of the bill, but notes that it remains to be seen whether there will be tangible benefits in practice, particularly for brands and marketers that operate internationally: "It’s questionable how useful these changes will be to businesses operating on a global scale. For any companies subject to both EU and UK privacy laws, inconsistencies between the two frameworks could result in greater confusion and more compliance costs.

"The “pointless paperwork” and “annoying cookie pop-ups” referred to in the UK government’s press release will still be required under EU privacy laws, so Privacy teams will need to think about whether it’s worth focusing their attention and budgets on making changes to reflect new UK laws, or maintaining a consistent compliance approach in these regions. "

The caution was echoed by Paul Coggins, CEO of Adludio, who believes the changes will ultimately increase rather than reduce confusion.

He says: “There appears to be no strategic reason for the UK to move away from the EU’s GDPR, other than political. Far from being a pro-growth and pro-privacy bill, another set of rules to learn will inevitably lead to confusion and added costs.

“For example, one of the great additional ‘fees’ that many businesses will be aware of since the introduction of GDPR is that of Data Protection Officers. With this bill, even the smallest businesses would be wise now to have access to a DPO. Why do governments not understand that one set of rules, across multiple jurisdictions in a global economy with access to one global internet, is a good thing?”

The Drum will add more comment as it arrives.

Digital Transformation Adtech Data & Privacy

More from Digital Transformation

View all


Industry insights

View all
Add your own content +