Many businesses in our thriving digital economy rely on the collection and exchange of data, which is often personal and sensitive in nature. But research shows people are increasingly concerned about how their personal information is used. Some 80 per cent feel they don’t have enough control of their own data. And that’s bad news for everyone, ordinary people and businesses alike.
That is why we are revising data protection laws for the digital age through our Data Protection Bill, which is the first major review of the legislation since 1998.
This government’s Industrial Strategy, published last month, set out our plans to build a Britain fit for the future, with increased productivity and better, higher-paid jobs in every part of the UK. Growing our data-driven economy is a central part of that plan.
And our Digital Strategy, published earlier this year, also made clear our commitment to unlocking the power of data in the UK economy.
We want to give people more confidence in how their data is used, so they can make the most of digital opportunities and so responsible businesses can use that data well, from major internationals to any small business with a customer database.
We will give people the right to be forgotten, beyond what is already offered by Google and other search engines, and to ask for their personal data to be erased. That includes the right to ask social media channels to delete information posted in childhood. And we are expanding the definition of personal data to include IP addresses, DNA and internet cookies.
We will also end the overuse of pre-selected “tick boxes”. Many websites assume consent to their privacy policies unless individuals take steps to opt out, but we know people rarely read the small print. In future, explicit consent will be required before anyone’s data can be used.
These plans are primarily designed to protect individuals’ privacy, but that makes them good for business too. People are more likely to entrust their data where they know it will be handled carefully and safely.
The measures will be brought in through the Data Protection Bill and aligned with the General Data Protection Regulation, which comes into force in May 2018. After that the regulator for data protection, the Information Commissioner’s Office (ICO), will be able to issue fines of up to £17 million for the most serious breaches of the rules and even pursue criminal prosecution. Any organisation whose data processing is considered high risk will be obliged to carry out impact assessments.
So every business and organisation which relies on the use of data will need to be ready. And we have made sure there is plenty of help available. The ICO is providing a range of dedicated products to help people prepare and its website is the place to visit to get the information you need.
This is a significant cultural shift in how data is handled. It puts the emphasis firmly on privacy without compromising the ability of business, the third sector or public services to function. The changes will require adjustments from those handling data, but it will free our data-driven economy to grow and create jobs as we build a country that’s fit for the future.
By Karen Bradley, Secretary of State, Department for Digital, Culture, Media and Sport