We were among the 300+ delegates in attendance at the European Data Protection Summit last month to take in some great sessions on GDPR, privacy and more.
The two-day event covered GDPR 16 months on from its introduction, privacy in the era of AI and other emerging technologies and tracking cookies and the need for organisations to ensure that they are following lawful process.
Among the key takeaways from the latter session were:
- Analytics cookies are not ‘strictly necessary’ and so can’t be used without consent;
- A high level of (GDPR-compliant) consent must be obtained;
- No cookies should be dropped until that consent has been given and all third parties should be named.
This will have a significant impact on how many organisations operate.
Another key takeaway from the Summit was that many companies have been waiting for the new ePrivacy Regulation before making any changes – but it may never become law in the UK if its date of application falls after the end of any transition period when the UK leaves the EU.
However, the UK will no doubt have to adopt similar rules even if the ePrivacy Regulation does not apply, so it’s important to be prepared and plan for these changes.
For more insights from the event, contact the TLA compliance team.