The government has announced plans to give citizens more control over their personal information
The UK government has announced plans to strengthen UK data protection law, giving citizens more control over their personal information – including what they share on social media.
Under the new Data Protection Bill , individuals will have the “right to be forgotten”, meaning they will be able to make websites like Facebook delete information – including content published in their childhood.
Matt Hancock, Minister of State for Digital, said the measures are designed to “give consumers the confidence that their data is protected and those who misuse it will be held to account”.
If passed, the Data Protection Bill will bring British law into line with the EU’s General Data Protection Regulation (GDPR), which will become enforceable from May 2018.
Here’s what the new Data Protection Bill and “right to be forgotten” could mean for you:
It will be easier to withdraw your consent for the use of your personal data
If you ticked a box that gave a company permission to use your personal information for marketing or targeted advertising, and have come to regret it, the new bill will allow you to withdraw your consent at any time.
This should encourage companies to treat your information with respect, and not bombard you with unsolicited communications.
You will be able to ask for your personal data held by companies to be erased
If you uploaded embarrassing photos to Facebook as a teenager, and now want them wiped from your record, the new bill will give you the power to do so.
You will also be able to force companies to delete your contact details and personal information from their databases.
“It is important that the general public embraces this new freedom and recognises the value of personal data,” said David Emm, principal security researcher, Kaspersky Lab.
“It is important that we on an individual level know what information is being kept and how it’s being handled – which will also reduce the likelihood of it falling into the wrong hands.”
Parents and guardians will be able to give consent for their child’s data to be used
Children are accessing the internet from an early age these days, so it’s important their personal data is being protected.
The new bill will give parents and guardians direct control over where their child’s data is used.
Companies will have to gain your ‘explicit’ consent before processing your sensitive personal data
If companies want to collect your personal data, they will have to gain your explicit consent – meaning you will have to proactively tick a box saying you agree.
That means default opt-in and pre-selected “tick boxes” will become a thing of the past.
It is not yet clear whether the same principle will be applied to the government’s collection of citizens’ personal data.
“It feels hypocritical for the government to be trumpeting these new data protection measures while at the same time being responsible for the Investigatory Powers Act, or Snoopers’ Charter, that runs completely contrary to these proposals,” said Simon Migliano, Head of Research at Top10VPN.com .
“Will the Government have to ask ‘explicit’ permission to harvest your data? Will you be able to ask them to view or delete the data the Government holds on you? I doubt it.
“Consumers should not rely on the Government to look after their digital rights and data. Instead they should take responsibility for minimising their digital footprint through a combination of cautious, careful habits and technology.”
Your IP address, internet cookies and DNA will also be classified as ‘personal data’
In the digital, age the definition of personal data is not always clear, and the ways we share information online are constantly evolving.
The new bill will expand the definition to cover the digital footprints you leave online without even realising – such as IP addresses and internet cookies.
It will also include DNA – which means the biometric information you use to access digital services, such as fingerprints, facial recognition and iris scanning.
“The expansion of personal identifiable information to include IP addresses, DNA and cookies is going to be no easy task for businesses to identify and protect,” said Bharat Mistry, principal security strategist at Trend Micro.
“What’s more, they’ll need to have both an effective consent policy in place, and know exactly where this data is held should a consumer exercise their right to be forgotten.
“And this doesn’t just to apply to businesses themselves, but any third party partners that might be processing their customer data, meaning there are a lot of plates to spin.”
It will be easier and free to see what personal data an organisation holds on you
If you use a lot of online services, it can be difficult to keep track of what information you have given to each company.
The bill will allow you to request a full breakdown of the information any given company holds on you.
“This does provide some challenges for business in terms of getting their houses in order, but, ultimately, this now means that privacy needs to be at the core of their business strategies,” said Mark Thompson, head of privacy advisory at KPMG.
It will be easier to move data between service providers
If you have lost trust in one online service provider and want to switch to another, the bill will make it easier to do so.
It will also make it easier to share information between two difference service providers, so you don’t have to enter it all over again.
Companies will face increased penalties for breaking the rules
If a company loses your personal information, you can often feel powerless to do anything about it.
Under the terms of the bill, the Information Commissioner’s Office will be given the power to issue higher fines of up to £17 million pounds or 4% of global turnover, in cases of very serious data breaches.
The measures should encourage companies to take data protection seriously, and help give users of online services peace of mind.
“All too often consumers suffer the consequences when company failures lead to their data being compromised, so the government must ensure they can easily get redress when data is lost,” said Alex Neill, managing director of home products and services at Which?.
Written by: SOPHIE CURTIS
- Ten Tech News Stories You Should Know
- Interview: What Does It Take to Run a Private Island?
- Listening to the Employee Voice