On the 7th August 2017, the UK government announced new laws based on data protection. The main reason being to help guide the UK towards the impending GDPR law coming into force in May 2018.
What the bill does is to sign into UK law, European privacy rules. It will also update the existing data protection act which has been unchanged since 1998. The main change is that it will give people more control over their personal data and how it is used.
— DCMS (@DCMS) August 7, 2017
What does the bill do?
Below we have put together a brief idea about what the bill covers:
Right to be forgotten
People will be able to ask for access to their personal data and for it to be wiped. This will give them more control over how their information is removed.
This is part of GDPR coming into force in 2018. It will also require social media companies such as Twitter and Facebook to delete all of a person’s posts from when they were under 18, if they ask for it.
The definition of personal data will be expanded. It will cover a lot of things that were not included in the original 1998 act. Things such as IP addresses and internet cookies are now covered. This measure has been put into place because of the increased activity of tracing people via their web browsing habits.
At the moment, many websites force visitors to opt out of certain things. There is also an assumption made about privacy statements on websites if an individual reads any of the site.
The new laws will make consent much clearer. You will have to opt in rather than opt out to being put on lists. You should also be aware of any information that is passed on to marketing companies.
People will have greater say in decisions that are made about them based on automated processing. Where decisions are based on solely automated processing, such as insurance quotes, individuals can request that processing is reviewed by a person rather than just a machine.
This bill will also make it easier for customers to move data between service providers. If you change isp and use email or file storage services for things like photos, you should be able to move that data.
The ICO (Information Commissioners Office) will also be given extra power to enforce the rules. New fines of up to £17m, or 4 per cent of a company’s global turnover, for breaching the rules will be possible.
There will also be two new criminal offences, which could have unlimited fines:
- Re-identifying people from anonymous data – Intentionally or recklessly re-identifying individuals from anonymised or pseudonymised data. Offenders who knowingly handle or process such data will also be guilty of an offence.
- Changing data – Organisations could also face criminal charges if they are found tampering with data that has been requested by an individual.
If you want to know more, you can read the entire bill here