Automatic enforcement of privacy rules.

A win-win from a US-UK deal on trade.

It’s tough for publicly funded enforcement agencies to take on monopoly power.

Lina Khan has pointed out the hard work & dedication needed when outnumbered 20:1 by corporate defence teams, as well as the advantages of "clear, bright lines" of enforcement over relying on innovation-debilitating procedural hurdles, which disadvantage smaller companies.

When Government Works: A Conversation with Lina Khan

An alternative to complex litigation to protect online privacy is to leverage the gatekeeper role of obligatory network access software systems such as browsers & operating systems.

The ePrivacy Regulation, which EU institutions failed to complete & now would be ill-advised to drop, originally included a duty on providers of such software to build in automatic data protection to protect users. Agencies would only need to litigate against the providers who failed to do that job properly.

Browsers have been enforcing privacy norms for decades. For example, the "same origin policy" ensures dynamic content such as JavaScript can only access data belonging to the web domain it was loaded from.

Recently browsers such as Safari and Firefox have further restricted access to storage, for example by blocking third-party cookies and deleting some first-party cookies after 24 hours.

As we proposed over a decade ago in the Do-Not-Track project of the W3C Tracking Protection Working Group, browsers with access to standardised preference signals could do an even better job of enforcing user consent. This would allow for transparent information transmission and audit trails for when (and for what) users have given their consent, as well as consent action and status indicators continuously available in the "browser chrome". Annoying pop-up panels would no longer be necessary and could eventually be banned, as some US state laws already call for (e.g. the "frictionless manner" implementation required in some circumstances by the CCPA).

An important advantage of this would be to target the monopolistic behaviour of behemoths while not inhibiting the vast majority of other companies, as well as startups, from innovating.

The recent announcement of a UK-US trade deal centered around technological innovation creates an opportunity to revisit this, with the potential added bonus of US involvement.

A trade deal with the US weakening existing UK privacy protections would necessarily endanger the UK's data protection adequacy agreement with the EU. 

In addition, many US states have introduced laws to protect online privacy, with similar duties on browsers to respect a "universal [data sharing] opt-out mechanism" which may be copied into possible forthcoming federal legislation.
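To make the preference signals discussed above concrete (Do-Not-Track and the "universal opt-out mechanism"), here is an added example, not code from this post or from any browser or standard, of how a site could evaluate them and keep an audit trail. `DNT` and `Sec-GPC` are real request headers and `Tk` is the tracking-status response header from the W3C Tracking Preference Expression specification; the function name, consent-store shape, audit format and sample data are assumptions made for illustration.

```javascript
// Added example. Assumption: an unexpired, purpose-specific grant from the
// user overrides the general opt-out signal, as with DNT user-granted
// exceptions. Tk values used: N = not tracking, T = tracking,
// C = tracking with consent.
function evaluateTracking(headers, consents, site, purpose, opts = {}) {
  const now = opts.now || new Date();
  const requireOptIn = opts.requireOptIn !== false; // default: opt-in regime

  // HTTP header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const signals = { dnt: h["dnt"] === "1", gpc: h["sec-gpc"] === "1" };

  // A site- and purpose-specific grant the user made earlier, if still valid.
  const grant = consents.get(`${site}|${purpose}`);
  const grantValid = Boolean(grant) && new Date(grant.expiresAt) > now;

  let allowed, tk, basis;
  if (grantValid) {
    [allowed, tk, basis] = [true, "C", "user-granted-exception"];
  } else if (signals.dnt || signals.gpc) {
    [allowed, tk, basis] = [false, "N", "opt-out-signal"];
  } else if (requireOptIn) {
    [allowed, tk, basis] = [false, "N", "no-consent-on-record"];
  } else {
    [allowed, tk, basis] = [true, "T", "no-objection-signalled"];
  }

  // Audit entry: what was asked, which signals were seen, what was decided.
  const audit = {
    time: now.toISOString(), site, purpose, signals, allowed, basis,
    grantedAt: grantValid ? grant.grantedAt : null,
  };
  return { allowed, responseHeaders: { Tk: tk }, audit };
}

// Constructed sample data: one unexpired grant for one site and purpose.
const sampleConsents = new Map([
  ["news.example|analytics",
   { grantedAt: "2025-01-10T09:00:00Z", expiresAt: "2025-07-10T09:00:00Z" }],
]);
const sampleNow = new Date("2025-03-01T12:00:00Z");
```

Each call returns the decision, the `Tk` header to send back, and an audit record that can be appended to a log, so the same record answers both "was tracking allowed?" and "on what basis, and when was consent given?".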

An agreement with the US to demand a global duty on browser providers could be a win-win: not only a welcome boon to regulators charged with protecting consumers in Europe & the US, but also a boost to economic innovation, replacing costly & debilitating procedural hurdles with clear, fair but unavoidable automatic enforcement.

And, no matter how UK-US trade talks develop, EU institutions should urgently resume their work on the ePrivacy Regulation with further improvements.

Contact us for genuine expert advice. We have extensive experience in this area, based on real technical expertise and innovation, working with public as well as private organisations.
