Maxim_Kazmin - Fotolia
The UK government has announced details of its Data Protection Bill, which it said will update existing law to make it fit for the digital age.
The UK Data Protection Bill is the result of a commitment to align data protection laws in the UK with the European Union’s (EU’s) General Data Protection Regulation (GDPR).
People in the UK will have greater control over their personal data, including the right to be forgotten, and will be able to ask social media channels to delete information they posted in their childhood.
It will include measures to prevent and detect fraud, and allow action against terrorist financing, money laundering and child abuse. The Information Commissioner’s Office (ICO) will be given more power to defend consumer interests and issue higher fines – up to £17m or 4% of global turnover, whichever is higher.
Lawful data processing will be allowed to continue as far as possible, according to the government, which said the bill will assure specific UK businesses that the vital data processing they undertake “for legal or public interest reasons can continue uninterrupted”.
“[The bill] will preserve existing tailored exemptions that have worked well in the Data Protection Act 1998, carrying them over to the new law,” it added.
Matt Hancock, minister of state for digital, initially signalled the intention to align UK law with the GDPR in February 2017 when giving evidence to an inquiry about data protection post-Brexit by the House of Lords’ EU Home Affairs sub-committee.
“We are strengthening Britain’s data rules to make them fit for the digital age in which we live, and that means giving people more control over their own data,” he said.
“There are circumstances where the processing of data is vital for our economy, our democracy and to protect us against illegality. Today, as we publish the Data Protection Bill, I am offering assurances to both the public and private sector that we are protecting this important work.”