It was 1998 when Britain last passed a data protection law– six years before Facebook was invented and only a few years after I was born. For those of us part of a generation who ‘grew up online’ – who have only known a world where personal data and awkward teenage photographs are circulated around the internet – the current legislative landscape leaves us vulnerable and deprives us of privacy, property and security.
However, this situation is starting to change in Britain. The new Data Protection Bill, announced by on Monday by Matthew Hancock, Minister of State for Digital, will give British individuals greater access to, and control over, their personal data online.
The Bill will bring into UK law the EU’s General Data Protection Regulation, which operates under the mantra of “privacy by design and default”. Announcing the bill, Hancock said that the Government is keen to secure the unhindered flow of data between the UK and the EU post-Brexit and, this bill is exactly what Britain needs to prepare.
Under the new legislation, the definition of personal data will be significantly expanded to include online identifiers and anything that may reveal someone’s location. Under the “right to be forgotten”, people will be able to demand that organisations delete or remove their personal data — including the embarrassing social media posts on Bebo and MySpace from our childhood and student years.
Automatically ticked consent boxes that allow companies to store, share and manipulate valuable personal information will be banned – a move to crack down on retailers who increasingly rely on anonymised browsing data to target advertising.
The current legislative landscape leaves us vulnerable and deprives us of privacy, property and security.
This will have a significant impact on businesses: they will be faced with far bigger fines for non-compliance – up to 4 per cent of their global annual turnover, or €20 million – whichever is greater. This is a marked increase on the current maximum fine for breaches of data rules, set by the Information Commissioner’s Office at £500,000.
It could also have an impact on political parties who rely increasingly heavily on social media algorithms during election campaigns – who can recall Jeremy Corbyn on snapchat and Theresa May popping up on Instagram? With automatic data collection set to face tougher restrictions, it could be that the advanced targeting techniques of online campaigners will take a hit.
As a political move, the bill is well-founded. Plans to give people these rights were floated in the Conservative Party’s election campaign and were referred to in the Queen’s speech. Labour also campaigned on the issue, setting out plans in their general election manifesto to ensure people can remove data. Measures seem to have toughened in their translation from election pledge to legislation, with the bill outlining a strict set of rules for data protection in the post-Brexit world.
With all eyes focused on the Brexit battle ahead, the Conservative government has been hesitant to introduce policies which will cause a stir in the house. Brexit bills aside, legislation to protect people online has cross-party support and is likely to pass relatively smoothly through the legislative process. The business community also seems on board, with the CBI saying the Bill strikes a “fine balance”.
There are few MPs in the House young enough to benefit from some of the bill’s finer points – I could probably count on one hand the number of MPs that were under-18 when Facebook was launched – but with the Conservative Party actively courting the electorate over the summer, this bill appears to be a good platform to show the Party’s “protective” side.