Government to strengthen UK data protection law

New measures announced by the Digital Minister will allow people to have more control over their personal data and be better protected in the digital age.

A new Data Protection Bill is to be put forward that is committed to updating and strengthening data protection laws.

It will provide everyone with the confidence that their data is managed securely and safely.

Research shows that over 80 per cent of people feel that they do not have complete control over their data online.

Individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. This will also mean that people can ask social media channels to delete information they posted in their childhood.

Businesses will be supported to make sure they are able to manage and secure data properly. The Information Commissioner’s Office (ICO), data protection regulator, will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or four per cent of global turnover, in cases of the most series data breaches.

The Data Protection Bill will make it simpler to withdraw consent for the use of personal data, allow people to ask for their personal data held by companies to be erased, enable parents and guardians to give consent for their child’s data to be used, and require ‘explicit’ consent to be necessary for processing sensitive personal data.

It will also expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA, update and strengthen data protection law to reflect the changing nature and scope of the digital economy, make it easier and free for individuals to require an organisation to disclose the personal data it holds on them, and make it easier for customers to move data between service providers.

New criminal offences will be created to defer organisations from intentionally or recklessly creating situations where someone could be identified from anonymised data.

Data protection rules will also be made simpler for those who handle data but they will be made more accountable for the data they process with the priority on personal privacy rights. Those organisations carrying out high-risk data processing will be obliged to carry out impact assessments to understand the risk involved.

The bill will bring the European Union’s General Data Protection Regulation (GDPR) into UK law, helping Britain prepare for a successful Brexit.

Minister of State for Digital, Matt Hancock, said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

Elizabeth Denham, Information Commissioner, said: “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”

Julian David, CEO of techUK, said: “The UK has always been a world leader in data protection and data-driven innovation. Key to realising the full opportunities of data is building a culture of trust and confidence.

“This statement of intent is an important and welcome first step in that process. techUK supports the aim of a Data Protection Bill that implements GDPR in full, puts the UK in a strong position to secure unhindered data flows once it has left the EU, and gives businesses the clarity they need about their new obligations.”

Please register to comment on this article