Britons could obtain more control over what happens to personal information under proposals outlined by the government.
Citizens will be able to ask for personal data, or information posted when they were children, to be deleted.
The proposals are part of an overhaul of UK data protection laws drafted under Digital Minister, Matt Hancock.
Firms that flout the law will face bigger fines, levied by the UK’s data protection watchdog.
The bill will transfer the European Union’s General Data Protection Regulation (GDPR) into UK law.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world,” said Mr Hancock in a statement.
“It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit,” he added.
Proposals included in the bill will:
- make it simpler for people to withdraw consent for their personal data to be used
- let people ask for data to be deleted
- require firms to obtain “explicit” consent when they process sensitive personal data
- expand personal data to include IP addresses, DNA and small text files known as cookies
- let people get hold of the information organisations hold on them much more freely
This places a strong burden on firms to protect data and allows for significant fines if they fail to protect information or suffer a breach.
What can I ask to be removed?
If you worry about embarrassing social media posts lingering online for years, you will soon have the right to ask for them to be removed.
And should you wish for any firm that holds your personal data – from your name to your DNA – you will be able to ask them to delete it.
There are, however, arguments that those holding the data can put forward to refuse such requests, such as freedom of expression and matters that are of scientific or historical importance.
Many of these measures are already part of the EU’s forthcoming GDPR, but they are also being woven into the government’s bill.
All of this goes beyond the “right to be forgotten” rules that already apply to search engines – those affect what can be listed in search results – but the GDPR and associated legislation impact data held by a wide range of companies.
In the UK firms that suffer a serious data breach could be fined up to £17m or 4% of global turnover.
The current maximum fine firms can suffer for breaking data protection laws is £500,000.
The UK’s Information Commissioner will have its powers strengthened and extended to help it police the new regime.
Elizabeth Denham, the information commissioner, said: “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”