Crunch time: the UK Data Protection Bill faces increasing scrutiny
17 November 2017
As the proposed UK Data Protection Bill continues to face scrutiny in the House of Lords, consumer group Which? has called for changes to the bill. In a statement in October, Which? said that it wanted to see the legislation offer greater protection for consumers against data breaches. Considering this move by the consumer group, perhaps it is time for others to get stuck in, and make this a “great data debate”.
Hold that thought for a moment. First things first, what is the Data Protection Bill, and why does it matter? In short, the new legislation is closely tied to the Brexit process. It is designed to ensure that UK regulation falls fully into line with EU’s General Data Protection Regulation (GDPR) when the UK leaves the bloc in March 2019. The bill, much like GDPR, will ensure people have greater control of their data, and will place tougher rules on those who gather, use and store consumers’ data.
Broadly speaking, the government is aiming to upgrade data protection laws to meet the demands of the digital economy. Consent will be at the centre of the legislation. Not only will the processing of sensitive data require explicit consent, it will also be much easier for consumers to withdraw consent for companies to use their data. Individuals will be able to obtain a disclosure of their personal data from the organisation that has collected and is using their data. Importantly, consumers will be able to ask for personal data to be erased.
It is in light of this major shift in data protection legislation that Which? has added its voice to parliamentary debate. Based on their own research, the organisation found that nearly 10% of UK consumers thought their data had been breached in the past year. Of those surveyed, three quarters were concerned that data they have shared online could be leaked. Which? is calling for the Data Protection Bill to give greater powers to independent bodies – specifically, the power to help consumers claim compensation, in the event of data breaches.
Businesses are at the centre of this legislation: GDPR and the Data Protection Bill will hold them to greater account over the safety of the personal data they store. In light of the research by Which?, it would appear that greater reassurance from data handlers is needed, so that UK consumers can feel more confident in the safety of their data.
Now is the time for UK businesses to add their voice to the public debate. Now is the time to make sure that consumers recognise the extent of safeguards already in place (take encryption, for example). Now is the time to get stuck into the “great data debate”, so that we can all make sense of the fast-evolving digital world, and adapt accordingly!