Online shoppers will win control over the data retailers hold on them when upcoming legislation comes into force in the UK next year.
The Government’s statement this week that it intends to update and strengthen data protection laws through a new Data Protection Bill should end uncertainty about whether UK retailers need to comply with the provisions of the European Union’s GDPR (General Data Protection Regulation), since the terms of both look set to be broadly similar.
Under the new regulations, expected to be in force by the end of May next year, individuals, including online shoppers, will be able to ask businesses, such as retailers, and social media companies, to erase personal data that they hold on them. It will be both easier and free for individuals to find out what personal data an organisation holds on them, and to move their data between service providers.
Traders will also have to stop using default opt-outs or pre-selected tick boxes, often ignored, to gain consent to collect personal data. The definition of personal data expands at the same time to cover IP addresses, internet cookies and DNA.
The Information Commissioner’s Office (ICO) will have the power to issue fines of up to £17m, or 4% of global turnover, for the most serious data breaches.
Matt Hancock, minister of state for digital, said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.
The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”
Information Commissioner Elizabeth Denham said: “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”
Commenting on the news, Lawrence Jones, chief executive of British data hosting and cloud computing specialist UKFast, said the new act would bring much-needed controls over personal data for individuals and provide confidence in digital businesses trading in personal data. He said it must be at least equal to the protection offered by the EU GDPR legislation.
“The opportunity is arising for the UK to establish itself even further as a leading player in data analytics, data centres and global data processing services,” said Jones. “We’re in an incredibly strong position as we hold the highest privacy standards, but we need to keep that up after we leave the EU.
“In light of Brexit we have been calling on the UK government to deliver legislation at least equal to the GDPR, so it’s reassuring to see Matt Hancock announce these measures to implement the EU law.
“Businesses are built upon confidence – confidence in suppliers, in each other and in the economy. Brexit has already caused a huge amount of uncertainty in the economy, so that last thing we need is confidence to fall in our abilities as tech leaders.”
He said that his business had won “significant amounts of business from our giant American competitors simply because we are held to higher standards on data regulation than the US, and people trust that standard”.
Tom Thackray, CBI innovation director, said: “In the modern economy, data has huge value and its innovative use leads to better services and more productive businesses.
“But firms know that this ability to innovate is dependent on customers having confidence that their information is well protected. This legislation strikes the right balance in improving standards of protection while still enabling businesses to explore new products and services.”