ePrivacy Compliance: Are UK Businesses Prepared?
George Thompson, Director of KPMG, discusses UK Cookie Law Compliance and a recent KPMG survey documenting how global brands are addressing ePrivacy. https://www.ensighten.com/privacy-policy/
--- TRANSCRIPT ---
Analysis: How UK Businesses Are Preparing
UK Cookie Law Compliance: Implications & Answers
George Thompson, Director, KPMG
George Thompson from KPMG. For those of you who don’t know, KPMG is one of the four largest global accounting and audit companies globally. In addition to audit and accountancy we do quite a lot of advisory work in various spaces. My particular field is Information Protection and Business Resilience. And within that team we look at privacy and other areas related to compliance activity assurance, privacy by design, architecture and those kinds of activities.
So today we’re going to talk about The Cookie Monster. The reason I was invited is that we decided to conduct a survey, a survey of the level of compliance that organizations in the UK were taking to comply with the e-cookie, e-privacy requirements that Stewart’s just been talking about.
We looked for the presence of Terms and Conditions, Privacy Policies, anything that would help a user to understand what this website was doing to them. Were they depositing cookies that collected information? Were they installing trackers to feed information to Google Analytics and the others? That required a lot of eyeballs. That’s not something you can set a machine to go and do for you. So we actually had people reading those documents.
We didn’t take into account the “Continue the Journey” consent mechanism, that may well exist on some. But indeed, that’s the result. Those results got a lot of press. And we’re planning to rerun that next Monday and Tuesday and I expect we’ll be putting out another press statement towards next weekend. So why did we do that? Well, our clients keep asking us what they should be doing. More importantly, our clients ask us, “What are my peers doing? What is my competition doing? What does the regulator expect us to do?” And not just UK regulators, because the organizations that we deal with mostly are multinational. They operate globally. They certainly operate across all of Europe.
And we also help organizations that are based outside of the EU but want to trade in the EU and sell via websites to the European Union. So they want to know what’s the standard, what is it that I should be looking to achieve, and how do I do that? Do I have to do things on first-party cookies? I can control those. I know those. What do I do about third-parties? Trackers? Adobe? And the Google trackers?
Which websites does this apply to? Corporate website? Kpmg.com certainly. The affiliates, people we do partner with, we do business with. Does that mean if we work with a site do we have to worry about what is on their site? HR services. I’m an employee of a global organization. Does KPMG need my consent to process my personal information that it outsources to my pension provider? Probably not.
The debate is endless in large organizations.