The government has promised to strengthen data protection legislation in a statement of intent that has been welcomed by privacy campaigners and the UK’s tech trade body.
The new Data Protection Bill will give citizens the right to ask companies to delete their personal data, let the ICO issue fines of up to 4 per cent of a company’s turnover and introduce the EU’s new General Data Protection Regulation (GDPR) into UK law.
The promise to adopt GDPR, which was widely expected, is arguably the biggest commitment.
Julian David, CEO of trade body techUK, said: “[It] puts the UK in a strong position to secure unhindered data flows once it has left the EU, and gives businesses the clarity they need about their new obligations.”
The pledge to adopt GDPR was also welcomed by Open Rights Group’s policy director Javier Ruiz.
“It will strengthen everyone’s ability to control what data can be collected about them and how it can be used,” he said.
Government is waiting until parliament returns from recess to publish the legislation – but the statement reveals the bill will be more stringent than many had expected.
Theresa May had previously promised to give people the right to ask social media firms to remove posts they had made in their childhood.
Instead, the new rules would let them request the deletion of all personal data, the definition of which would be expanded to include information such as DNA and internet cookies.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world,” said Matt Hancock, the minister in charge of the legislation.
“It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit,” he added.
But one aspect of the legislation has come under fire.
Open Rights Group’s Ruiz said: “We are disappointed that UK Ministers are not taking up the option in EU law to allow consumer privacy groups to lodge independent data protection complaints as they can currently do under consumer rights laws.”
He added: “Citizens face increasingly complex data ecosystems. It is almost impossible for the average person to be able to know which organisations hold their personal data. Enabling privacy groups to take independent action would ensure consumers’ rights are properly enforced.”
Some industry figures also questioned the government’s commitment to digital privacy given its previous legislation.
Simon Migliano, head of research at Top10VPN.com, said: “It feels hypocritical for the government to be trumpeting these new data protection measures while at the same time being responsible for the Investigatory Powers Act, or Snoopers’ Charter, which runs completely contrary to these proposals.”