The New SRA Digital Badge - GDPR Concerns
The SRA clickable logo (known as the digital badge) has to be displayed on all regulated law firms' websites from the 25th November 2019.
The logo should be relatively easy for most firms to put on their website but they need to register for it with the SRA first before it can be used. To register you should go to:
The logo incorporates software that will validate the your website domain and confirm that you're regulated and authorised to display it.
While we think the badge is a great idea to prevent misrepresentation, there is an issue that data privacy lawyers may want to investigate further.
The Source of the GDPR Issue
The badge tries to deploy Google Analytics code on behalf of the developers (Yoshki.com) that in turn deploys cookies that collect analytics data from users of the sites hosting the badge.
If a user visits a site using a browser that blocks Google Analytics, then the badge does not display correctly. This can be seen in the below screenshot of the badge on the Slater & Gordon website:
There is another issue for the few firms (if there are any - for more on this see our earlier blog) that are fully complying with the latest I.C.O. GDPR Guidelines. For them, the badge simply won't work for all those visitors that fail to opt-in to cookie deployment (which is likely to be the majority) and so they'll end up being described as not authorised as in the Slater & Gordon example above.
In truth, it's a poorly thought-out scheme that has been developed using outmoded techniques that aren't really suited for our data privacy conscious future.
Should You Add the Badge to Your Website or Not?
Obviously, as a firm you need to make a decision about whether the risk of a sanction from the S.R.A. for not displaying the badge is likely to be worse than the GDPR risk.
You may believe that, as there are very few websites fully complying with GDPR, a sanction from the S.R.A. is more likely than one from the I.C.O. but that has to be your call.
However, it seems to me that if the S.R.A. were to sanction a firm there could be a great challenge to the validity of any such sanction. Again we'd appreciate opinions.
On the 14th November the SRA announced that they would be removing the Google Analytics tracking from the Badge to prevent any data privacy concerns. (See https://www.sra.org.uk/sra/news/compliance-news-35-clickable-logo/) This is a positive step and should move all our concerns - however it's interesting that the wording of the announcement suggests that this might only be a temporary change - we'll keep watching.
If You Need Help
Finally, it may seem hypocritical of us to offer but if you do need any help getting the badge onto your site (should you want to deploy it) we can help, please get in touch using the form on this page or by calling 0161 402 3170.
Provide a Comment
*Note all comments will be reviewed prior to publishing
"Here is an innovative solution another firm has used: Gregg Latchams Digital Badge. Effectively the firm is compliant by displaying the page but has a warning about clicking on the badge.
Although that does not remove our liability for whatever Yoshki does with the data of people who click on the logo, it at least warns people about the risks. It is not a solution but it does mitigate things a little. I doubt the SRA will back down." - Toni Vitale, JMW
"Thanks Toni, this is very interesting. Unfortunately, this doesn't stop the prying eyes of Google circumventing the message - see this search for "digital badge gregg latchams" the second result takes you straight to the page with the badge without displaying the warning.
"Really Gregg Latchams should have instructed Google and other search engines not to index the page."