Social media giants such as Facebook and Google will face strict new rules on how they collect, use and store personal data under proposals announced by the Government.
The draft Data Protection Bill, which will be heard when Parliament reconvenes next month, aims to bring the UK in line with the rest of Europe once the EU’s General Data Protection Regulation (GDPR) is introduced in May 2018.
But what does it mean and what difference will it make for you?
The End of The ‘Pre-Selected’ Tick Box
One of the major changes in the new bill is the introduction of a requirement for explicit consent before sensitive personal information can be collected. This spells the end of the pre-selected tick box, which has long been used to ‘nudge’ internet users into agreeing to the collection of all kinds of data. It will not, of course, solve the problem that most users tick the consent box anyway without reading the terms and conditions. That fight will have to be left for another day.
The Right to Remove Embarrassing Photos
The new bill also includes a right to request that personal information be erased. Subject to a few exceptions around free speech and public policy, most people will be able to request that information held about them be erased. This will include a provision to allow people to require social media platforms to delete information they posted during their childhood. This should result in a collective sigh of relief for the Myspace generation.
Computer Says… ‘Let me Check With a Human’
Under the new rules, individuals will have greater say in decisions that are made about them based on automated processing. Where decisions are based solely on automated processing, internet users can request that the processing is reviewed by a person rather than a machine. This might prevent a person from being automatically rejected for insurance, a mortgage or access to a government service because the online form did not provide for their circumstances.
Love You And Leave You
The bill also protects your right to move your data between service providers. Whether you store your photos on Google Drive, or record your rental payments with the Royal Bank of Scotland, you should be able to move your data round without your current provider holding your data hostage. The idea is that an organisation shouldn’t be able to lock you into a bad deal because they have control over your data. This will allow for more competition and innovation.
Companies Who Use Anonymised Data To Identify People Could Be Breaking The Law
The bill also proposes a new offence for using anonymised data to identify people. This means that if data has had all the identifying information like names, addresses or phone numbers removed, it could be an offence to match that data with publically-available information to identify people.
For example, if a pharmaceutical company matched data from an anonymised study with publically-available information and used the results to target potential customers for its products.
A New Sheriff in Town
Well, the same sheriff, but with significantly expanded enforcement powers. The Information Commissioner’s Office will now be able to fine some organisations up to £17 million or 4 per cent of annual turnover. This is a significant increase from the current maximum fine of £500,000.
For a consultation with a specialist group litigation lawyer, contact Slater and Gordon today on freephone 0800 916 9015 or contact us online.
David Barda is a group litigation lawyer and data protection specialist at Slater and Gordon in London.