The government will soon give British citizens the ability to see what social media firms like Twitter and Facebook know about them and provide the right to demand that information is deleted.
The Data Protection Bill will make it easier for people to find out how companies are using their personal details, including their browsing history. They will then be able to request that posts or pictures be permanently deleted as their “right to be forgotten.”
The powers, introduced by Digital Minister Matt Hancock, will mean individuals can ask social media platforms to delete information they posted when they were children, while allowing parents and guardians to give consent for their child’s data to be used.
The measures will also require people to give explicit consent for their personal information to be collected online. Where a company relies on people’s consent, instead of people ticking a box to “opt out” of their data being collected, they will now need to “opt in” to give that consent.
The definition of personal data will be expanded to include IP addresses and internet cookies.
The Information Commissioner’s Office will be given extra powers to issue huge fines to companies who flout privacy laws. Maximum fines for contraventions will increase from £500,000 to £17 million (US$650,000 to $22 million), or 4 percent of a firm’s global turnover, whichever is higher.
The fines for the largest companies, such as Google and Facebook, which use individuals’ data to sell adverts, could stretch to billions.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world,” Hancock said in a statement.
“It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.”
The bill, which was introduced in the Queen’s Speech, will be introduced in Parliament when MPs and peers return from the summer break in September.
It will align UK law with the EU’s forthcoming General Data Protection Regulation (GDPR), which is set to come into force on May 25, 2018.
GDPR requires anyone handling Europeans’ data anywhere in the world to abide by its regulations, so this will enable British businesses to exchange and handle data easily with European partners.
The government is also eying up reforms that will make it easier and free for citizens to require an organization to disclose the personal data it holds on them, and customers will also have an easier time moving data between service providers.