The government will soon give British citizens the ability to see what social media firms like Twitter and Facebook know about them and provide the right to demand that information is deleted.
The Data Protection Bill will make it easier for people to find out how companies are using their personal details, including their browsing history. They will then be able to request that posts or pictures be permanently deleted as their “right to be forgotten.”
The powers, introduced by Digital Minister Matt Hancock, will mean individuals can ask social media platforms to delete information they posted when they were children, while allowing parents and guardians to give consent for their child’s data to be used.
The measures will also require people to give explicit consent for their personal information to be collected online. Where a company relies on people’s consent, instead of people ticking a box to “opt out” of their data being collected, they will now need to “opt in” to give that consent.
The definition of personal data will be expanded to include IP addresses and internet cookies.
The Information Commissioner’s Office will be given extra powers to issue huge fines to companies who flout privacy laws. Maximum fines for contraventions will increase from £500,000 to £17 million (US$650,000 to $22 million), or 4 percent of a firm’s global turnover, whichever is higher.
The fines for the largest companies, such as Google and Facebook, which use individuals’ data to sell adverts, could stretch to billions.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world,” Hancock said in a statement.
“It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.”
The bill, which was introduced in the Queen’s Speech, will be introduced in Parliament when MPs and peers return from the summer break in September.
It will align UK law with the EU’s forthcoming General Data Protection Regulation (GDPR), which is set to come into force on May 25, 2018.
GDPR requires anyone handling Europeans’ data anywhere in the world to abide by its regulations, so this will enable British businesses to exchange and handle data easily with European partners.
The government is also eying up reforms that will make it easier and free for citizens to require an organization to disclose the personal data it holds on them, and customers will also have an easier time moving data between service providers.
Britain’s information commissioner, Elizabeth Denham, said in a statement: “We are pleased the government recognizes the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”
Javier Cruz, policy director at digital rights campaign organization Open Rights Group, said he welcomed the government’s intention to bring European data protection laws into UK legislation but said that they could be “fundamentally altered” after Brexit.
“The government must explain how these data protection rights will be guaranteed after the UK has left the EU,” Cruz told RT in a statement.
He added that it was “disappointing” that the law would not allow consumer privacy groups to lodge independent data protection complaints as they can now under consumer rights laws.
“Citizens face increasingly complex data ecosystems. It is almost impossible for the average person to be able to know which organizations hold their personal data.
“Enabling privacy groups to take independent action will ensure consumers’ rights are properly enforced,” Cruz said.