The Solicitors Regulation Authority has moved to tackle concerns over whether its clickable logo for law firms' websites complies with data protection law by suspending the use of tracking software.
In an update posted today the regulator says Google Analytics will be turned off 'at the moment to make sure that no firms have any residual concerns that would get in the way of implementing the logo'.
It adds: 'We will update you in due course on next steps.' Displaying the badge becomes mandatory from 25 November.
The solicitor who first alerted the SRA to the issue, George Gardiner, of commercial and technology firm Gardiner Law, dismissed the SRA's announcement as 'too late'. 'Personal data is being collected and processed without consent,' he told the Gazette.
Today's announcement is the first public acknowledgement by the regulator of concerns about the logo, which requires cookie software to be installed to validate firms' websites. It maintains that the scheme involves 'no collection of identifiable data – all IP addresses are automatically anonymised. IP addresses collected by Google are not stored, written to disc or utilised further. And no IP addresses are stored by [contractor] Yoshki or us.'
Gardiner dismissed the claim. 'Whether or not the SRA use the personal data collected is irrelevant – the definition of “processing” under the GDPR is very broad and therefore includes even collecting personal data even if it isn’t subsequently processed,' he said. He plans to make a formal complaint to the Information Commissioner's Office if the SRA persists with the logo.
Mike Blackburn, managing director of specialist web design business I-COM, said that firms with websites which, to comply with data protection guidelines require visitors to opt in to cookies, will find that the badge will not display for users who decline - usually the vast majority. 'It's a poorly thought-out scheme that has been developed using outmoded techniques that aren't really suited for our data privacy conscious future,' Blackburn said.
At least one firm is attempting to meet the GDPR consent requirement by displaying the badge on a separate web page. Bristol and London firm Gregg Latchams Solicitors tells web users: 'We do not have any control over the third party engaged by the SRA to provide this service, which appears to use Google Analytics without obtaining your consent.' It invites users to 'make an informed decision as to whether you wish to click this link or not'.
An SRA spokesperson said: 'We introduced the clickable logo on a voluntary basis last December. The majority of firms are already using it as a way to promote the extra protections you get if you use a regulated law firm.
'If a firm has a problem implementing it, they should get in touch with our delivery partner Yoshki, who can resolve any technical issues. All firms with a website will need to use the clickable logo from 25 November.'
Gardiner estimates that implementing the badge will cost the profession at least £25m. 'Can the SRA justify this cost given that it has yet to identify an empirical risk that would be addressed by it?'.