The United Kingdom government have announced that they intend to strengthen the law surrounding data protection to prepare the country for “a successful Brexit.”
The UK’s Data Protection Act has not changed since 1998, when the role of an Information Commissioner replaced the Data Protection Register.
The new measures should give the public “confidence that their data will be managed securely and safely.”
The new Data Protection Bill recently announced by digital minister Matt Hancock is intended to protect the public “in the new digital age.”
Hancock says that it will give the UK “one of the most robust, yet dynamic, set of data laws in the world.”
Prepare for Brexit
When passed by parliament, the Bill will update the existing act and incorporate the forthcoming EU General Data Protection Regulation (GDPR) into UK law.
Elizabeth Denham, the current Information Commissioner, says that this will help “Britain prepare for a successful Brexit.”
Under the new measures, people will have greater control over their personal data – including the “right to be forgotten.”
Individuals will have the right to require social media platforms to delete material on children and adults.
This means, for example, that adults will also have the right to ask social media firms to erase information that they posted when they were children.
Definition of personal data
The new Bill also expands the definition of personal data to include IP addresses, internet cookies, and DNA.
The government say that the new Bill should give people “confidence that their data will be managed securely and safely.”
They say that research shows that the majority of people (over 80 percent) feel they do not have full control over their online data.
As well proposing tougher rules on the right to delete data, the Bill intends to make it easier for people to access and move their data, and to give or withhold permission about what it can be used for.
Opt-in rather than opt-out
For example, at present, when you fill in a form online, the website owner is allowed to assume that they can use your data for other purposes – such as pass it onto third parties – unless you tick the “opt-out” box.
Under the new measures, they will have to ask you to tick a box to give permission to use the data.
“Enforcement will be enhanced, and the Information Commissioner given the right powers to ensure consumers are appropriately safeguarded,” says the Statement of Intent about the new Bill.
The new Bill also proposes to make it easier for people to access information that is held about them.
For example, individuals will be able to ask organizations for a copy of the personal data they hold about them without having to pay for it. At present, organizations can charge people an “administration” fee for this.
The new measures will also help people to move their personal information more easily from one service provider to another – for example photos or images held in cloud storage.
Support for businesses
The Bill also contains provisions to ensure that businesses get support to help them manage and keep the personal data that they collect secure.
The rules covering people who handle data will also be clearer and tougher, with greater emphasis placed on the rights to personal privacy.
In tandem with these, the sanctions on data breaches will be tougher. The Information Commissioner will have the power to issue fines of up to £17 million, or 4 percent of a firm’s global turnover, in the most severe cases.
Tom Thackray, Innovation Director for the Confederation of British Industry (CBI), says that, “This legislation strikes the right balance in improving standards of protection while still enabling businesses to explore new products and services.”
Video – the new Data Protection Bill
In the following video, digital minister Matt Hancock explains the new Data Protection Bill.