The UK Department for Digital, Culture, Media & Sport has published details of how Britain’s data protection laws will be updated in response to the EU General Data Protection Regulation (GDPR).
Parliament will be asked to consider The Data Protection Bill, which will:
- Make it simpler to withdraw consent for the use of personal data;
- Allow people to ask for their personal data held by companies to be erased;
- Enable parents and guardians to give consent for their child’s data to be used;
- Require ‘explicit’ consent to be necessary for processing sensitive personal data;
- Expand the definition of ‘personal data’ to include IP addresses, Internet cookies and DNA;
- Update and strengthen data protection law to reflect the changing nature and scope of the digital economy;
- Make it easier and free for individuals to require an organization to disclose the personal data it holds on them;
- Make it easier for customers to move data between service providers.
New criminal offences will be created to deter organizations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.
Elizabeth Denham, Information Commissioner, said:
“We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.
“Data protection rules will also be made clearer for those who handle data but they will be made more accountable for the data they process with the priority on personal privacy rights. Those organizations carrying out high-risk data processing will be obliged to carry out impact assessments to understand the risks involved.”