UK Data Protection Bill to put more power into users’ hands
Mon 7 Aug 2017
The UK government has announced plans to introduce a new Data Protection Bill. The law, drafted by Digital Minister, Matt Hancock, will allow users to delete sensitive information from the web.
The new Data Protection Bill will allow UK citizens to request that companies erase their personal data, aiming to simplify the data withdrawal process.
According to the proposed Bill, IP addresses, internet cookies and DNA will be counted as personal data. Companies will be required to store sensitive information safely and securely, or they will face a fine.
Companies which disobey the new rules will be fined up to £17 million, or 4% of their global turnover. Currently, the maximum fine that businesses can suffer for breaking data protection law is £500,000.
As the new General Data Protection Regulation (GDPR) is set to be implemented in the European Union in May 2018, one of the main goals of the UK Bill is to ensure free data flow between the EU and the UK following Brexit.
‘The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit,’ said Hancock.
Further details on the government’s plans are expected to be published shortly. The bill will be introduced in Parliament in September when MPs and peers have returned from the summer break.
The current UK Data Protection Act was created in 1998 and has rarely been updated since. Currently, citizens have the right to write to organisations and ask for a copy of the information they hold about them. Companies are legally required to give a copy of the information after receiving a request.
However, organisations are also allowed to withhold information, for example, if the information is about the prevention, detection or investigation of a crime, national security or the armed forces, the assessment or collection of tax, or judicial or ministerial appointments. In these cases, companies don’t have to provide a reason why they are withholding the information.