My legal fight with the Queen taught me why cookies are good and GDPR is terrible

Yet the Royal Family, unlike the government, is legally exempt from both the UK’s Freedom of Information laws and employment laws that ban race and sex discrimination.

There is a strong public interest in knowing this information. Taxpayers fund everything the Royal Family does. The tax burden of the Queen has tripled since 2013, our investigation found. But the Palace pushed back, aggressively, insisting we should not publish our story. The project was delayed for months as we argued with the Queen’s lawyers.

Bizarrely, the main law the Queen uses to keep information out of the public eye is GDPR, the EU regulation that requires websites to serve a popup asking for your consent to receive tracking cookies.

That’s because the UK’s version of GDPR is encoded into the Data Protection Act of 2018, and it includes a vast range of new privacy rights for employers and workers that prevent members of the public from publishing information about them – even when that information is true, accurate, has already been published by the companies themselves or is already a matter of public record. The statute is fiendishly complicated, but it basically says that even when information is already out there on the web, it cannot be republished by the media if the subject of the information would not have expected it to make headlines when they made it public.

That was the most frustrating irony of battling with the Queen: much of the data we got on the Palace’s employment activity came from the Palace itself: from the Palace’s annual reports, from its help-wanted ads and from the Palace’s own staff who list themselves on LinkedIn. All we wanted to do was publish that information in one place to make it easier for anyone to understand the sheer scope of the Royal Family as a corporate entity.

But GDPR all but bans this.

And that’s why you know so little about who actually works for the Queen, what they do and how much it all costs.

So what does this mean for consumers? Funny you asked

OK, so GDPR is bad for journalists. But it delivered benefits for ordinary people on the web, surely? In fact, no. GDPR came at great cost to users, publishers and advertisers.

A lot of small businesses went to the wall when GDPR was enacted. A study by the National Bureau of Economic Research showed that one-third of apps in the Google Play Store left the platform after GDPR, and new entries were reduced by half. “Whatever the privacy benefits of GDPR, they come at substantial costs in foregone innovation,” the study’s authors wrote.

And now cookies are going away, to be replaced by something likely more invasive and sophisticated.

After cookies are killed off in 2023, you’ll be tracked via your Gmail and Facebook logins, your subscription signups, a new “on-device conversion” service (which Google says will reveal to advertisers which apps you download on your phone without passing your ID to the advertiser) and a new Google tag to show advertisers what web pages people are looking at. There will also be two new Google services, ‘Topics’ and ‘Fledge,’ which will allow advertisers to target you without knowing exactly who you are. And a ton of other companies are developing new technologies to reverse-engineer your identity or your interests in a world without cookies.

And without cookies, the free web is being replaced by subscription-based publishers that take much more information from you than cookies ever did. Every time you sign up for a subscription or log into an app, those companies know exactly who you are. There is nothing anonymous or free about it.

This has become expensive for consumers.

It is now impossible to subscribe to all the services you might need to stay reliably informed. Even a handful of decent subscriptions will cost you hundreds of dollars a year. That cost is dividing the world into two camps:

• Users who are wealthy enough to pay for high-quality news and information, but who will nonetheless find themselves inside a filter bubble because you cannot subscribe to everything

• Everyone else, relying on free news from less reliable publishers, often on Facebook

New York Times tech columnist Kevin Roose created a bot that records “the 10 top-performing link posts by US Facebook pages every day,” and it’s a dumpster fire of partisan, biased and unreliable media brands: Fox News, Breitbart, Ben Shapiro, Sarah Palin, Blue Lives Matter, Upworthy, Being Liberal and so on. Traditional news services – with editors who care about balance, sourcing and objectivity – rarely feature.

In hindsight, cookies were great for both users and publishers, and widely misunderstood by privacy advocates. While cookies did track your activity, they did not specifically identify any single user. Rather, they bundled you into anonymous groups of consumers – people shopping for shoes, for instance – who could be targeted by advertisers. They allowed you to surf the web for free while advertisers funded the publishers you were reading. Everyone got something out of this: publishers got a viable business model supported by advertising, readers got their news for free, and while it did feel weird that the entire internet seemed to suddenly know you were shopping for shoes, you kept your anonymity.

So yes, ads on the internet were annoying back in the day. But in hindsight they also fueled a golden era of free information and relative anonymity, coupled with a business model that actually worked.

And while the Queen is obviously not to blame for the death of cookies, she is definitely benefiting from GDPR, a law designed to protect consumer privacy on the web that may have unintentionally made the situation worse.

Jim Edwards is the author of Say Thank You for Everything: The Secrets of Being a Great Manager: Strategies and Tactics That Get Results and the former editor-in-chief for news at Insider Inc.

For more, sign up for The Drum’s daily US newsletter here.