The Government has announced its plans to update and strengthen the UK’s data protection laws following Brexit through a new Data Protection Bill. The Data Protection Bill is intended to make it easier for individuals to investigate how their personal information is being used by businesses and greatly increase their power to use the “right to be forgotten”. The proposals are part of an overhaul of UK data protection laws drafted under Digital Minister, Matt Hancock.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world,” said Mr Hancock in a statement.
“It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit,” he added.
The Government has stated that their proposals included in the bill will:
- Make it easier for individuals to withdraw their consent for the use of personal data.
- Allow people to ask for their personal data held by businesses to be erased.
- Enable parents and guardians to give consent for their child’s data to be used.
- Require ‘explicit’ consent to be necessary for processing sensitive personal data.
- Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA.
- Update and strengthen data protection law to reflect the changing nature and scope of the digital economy.
- Make it easier and free for individuals to require an organisation to disclose the personal data it holds about them.
- Make it easier for customers to move data between service providers.
The Data Protection Bill will place a strong burden on organisations to protect data and provides for significant fines if they fail to protect information or suffer a breach. In the UK, organisations that suffer a serious data breach could be fined up to £17m or 4% of global turnover whereas the current maximum fine for breaking data protection laws is £500,000.