Advertisement
UK markets closed

  • FTSE 100

    8,433.76
    +52.41 (+0.63%)
     

  • FTSE 250

    20,645.38
    +114.08 (+0.56%)
     

  • AIM

    789.87
    +6.17 (+0.79%)
     

  • GBP/EUR

    1.1622
    +0.0011 (+0.09%)
     

  • GBP/USD

    1.2525
    +0.0001 (+0.01%)
     

  • Bitcoin GBP

    48,626.29
    -1,534.87 (-3.06%)
     

  • CMC Crypto 200

    1,261.87
    -96.14 (-7.08%)
     

  • S&P 500

    5,222.68
    +8.60 (+0.16%)
     

  • DOW

    39,512.84
    +125.08 (+0.32%)
     

  • CRUDE OIL

    78.20
    -1.06 (-1.34%)
     

  • GOLD FUTURES

    2,366.90
    +26.60 (+1.14%)
     

  • NIKKEI 225

    38,229.11
    +155.13 (+0.41%)
     

  • HANG SENG

    18,963.68
    +425.87 (+2.30%)
     

  • DAX

    18,772.85
    +86.25 (+0.46%)
     

  • CAC 40

    8,219.14
    +31.49 (+0.38%)
     
MONEY:

Best savings accounts that offer above inflation rates

How to earn the most interest on your savings

Data Protection Bill: How will the new laws affect you?

James Titcomb
Updated
Consumers will be able to request that their data is deleted - PA
Consumers will be able to request that their data is deleted - PA

The Government has announced new laws that will grant people more control over how others use their personal data.

The new Data Protection Bill is designed to sign European privacy rules into British law, as well as update the existing Data Protection Act which has not changed since 1998.

Included in the reforms are a “right to be forgotten” that will allow individuals to ask companies including social media firms for their data to be erased.

What are the new measures?

The Data Protection Bill proposes a package of new measures for consumers:

Right to be forgotten

Consumers will be able to ask businesses and organisations for access to their personal data and for it to be wiped, giving them more control over how their information is removed.

ADVERTISEMENT

This measure is part of the European General Data Protection Regulations (GDPR), but the UK law will extend this slightly by requiring social media companies to delete all of a person’s posts from before they were under 18, if they ask for it.

The requirement will be subject to some exemptions, but may cause a headache for businesses, some of whom may not have data stored in files or on analogue tapes, making it difficult to sort their data.

Personal data

The definition of personal data will be greatly expanded to reflect new types of data that were not covered by the 1998 regulations. They include IP addresses (used to identify a phone or computer visiting a website), internet cookies (data about your web browsing habits) and DNA.

Privacy

At present, many websites force visitors to opt out of being added to email and phone call lists by ticking boxes at the end of online forms. Consent for privacy policies which web browsers never read is often assumed.

The new laws will make consent explicit - people will have to opt in to being put on cold-calling lists and be aware that they are being passed on to marketing companies. In practice, it should mean receiving fewer calls asking if you’ve been in a car accident that wasn’t your fault.

Automated processing

This is another law being taken over from GDPR, but its consequences are still yet to be seen. When individuals are “profiled” by an algorithm based on their personal data, such as an evaluation of their health, wealth or movements, individuals can demand this action is performed by a person, rather than a machine.

Things such as insurance and job applications are increasingly relying on automation, so this will be of growing importance.

Data portability

Consumers will be able to move data between companies should they wish to. For example, they will be able to easily move photos between cloud storage companies.

New powers and criminal offences

As well as introducing the new rules, the data watchdog will be given new powers to enforce them. It will be able to levy fines of up to £17m, or 4 per cent of a company’s global turnover, for breaching the rules, well up from the current £500,000 maximum for breaching the current Data Protection Act.

For a major company like Google, that could mean fines potentially worth billions of pounds.

There will also be two new criminal offences, which could have unlimited fines:

  • Re-identifying people from anonymous data: Data is often kept anonymous to respect people’s privacy, but by piecing many of these bits together, it might be possible to identify an individual’s browsing habits or credit card transactions. This will become a criminal offence.

  • Changing data: Organisations could also face criminal charges if they are found tampering with data that has been requested by an individual.

Why are we doing this?

Next May, the  GDPR, a new set of cross-EU data rules, comes into force. The UK’s existing data rules must be updated to match them, but the Government also wants similar data laws to the EU after Brexit. This is to ensure that organisations can freely send data back and forth with Europe after we leave.

Some reforms, such as the requirement that social media companies delete under-18 posts when asked, are extra to the GDPR.

Is it controversial?

Many experts have warned that businesses are totally unprepared for the new rules coming into force. Although fines are unlikely to all be £17m, companies may be stung before getting their houses in order.

Campaigners have criticised the Government for not allowing privacy groups to make “super complaints” against companies, in the same way that consumer organisations can. These complaints were made an option under the GDPR but ministers have not taken it up. Privacy groups say consumers often find it difficult to understand complex data issues so campaigners should be able to act on their behalf.

The extent of the reforms are also unclear - important personal data such as health records or data of scientific importance may be protected, but at this stage it is unclear exactly what the exemptions may be.