Businesses could face huge fines or criminal charges as individuals are given the opportunity to withdraw consent for data, under proposed laws
The government claims a new Data Protection Bill will give the UK one of the “most robust” sets of data laws and prepare the country for its post-Brexit future by giving Brits much greater control over how their information is collected and used.
Under the proposals, people will be able to ask social media platforms to delete information they posted in childhood and to withdraw consent for data to be used, and it will be easier to request how much data an organisation holds on an individual.
The bill will enshrine the EU’s General Data Protection Regulation (GDPR) into British law and make organisations that collect data much more accountable.
Data Protection Bill
“Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account,” said Matt Hancock, Minister of State for Digital.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”
Businesses will be given more support to ensure they are able to manage and secure data properly, and data protection laws will be simplified, but there will be greater oversight and stiffer penalties.
Those carrying out “high risk” data processing will be required to carry out impact assessments, and new criminal offences will be aimed at deterring organisations from recklessly or intentionally creating situations where someone could be identified from anonymised data.
This follows a series of high-profile security incidents that have resulted from lax or insufficient protections, and research detailed at Defcon last week which suggests ‘anonymised’ data can be ‘de-anonymised’.
The Information Commissioner’s Office (ICO) will be able to impose much higher fines. At present it can only issue a maximum penalty of £500,000 – the current record was set earlier this year when a nuisance call firm was fined £400,000.
Under the Data Protection Bill, this will increase to £17 million, or four percent of global turnover, for the most serious of infringements. The ICO has consistently called for greater powers, most notably after the TalkTalk hack in 2015.
“We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public,” said Elizabeth Denham, the Information Commissioner.