Everyone will be given sweeping new powers to see what tech companies know about them and have it deleted, under a new bill.
UK’s Data Protection Bill will make it far more easy for people to find out how companies are using their personal details, including their browsing history and even their DNA. And once they’ve seen it, it will also greatly increase the “right to be forgotten” – allowing people to make those companies delete that most personal of information.
The bill is intended partly to allow people to escape from their internet history when they become an adult, since companies like Facebook and Google will have to scrub everything that they posted when they were a child.
Companies that won’t comply could be fined millions of pounds.
As well as giving people far more power in how their information is handled, it will also make companies be more up front about how it is collected. Companies won’t be able to trick their customers by using pre-selected tick boxes that opt into tracking, for instance, and people will instead have to give their explicit consent.
The legislation will:
- Allow people to ask for their personal data held by companies to be erased
- Enable parents and guardians to give consent for their child’s data to be used
- Expand the definition of personal data to include IP addresses, internet cookies and DNA
- Make it easier and free for individuals to require an organisation reveal the personal data it holds on them
- Create new criminal offences to deter organisations from intentionally or recklessly creating situations where someone could be identified from anonymised data
The legislation will bring the European Union’s General Data Protection Regulation (GDPR) into domestic law, helping Britain prepare for Brexit because it will mean the systems are aligned when the UK leaves the bloc.