British consumers will soon be able to request that their data is erased and force social media giants like Facebook to delete embarrassing posts under new data protection legislation.
The law, which will enshrine the European Union's General Data Protection Rule (GDPR), is intended to give the public more control over what happens with their personal data – including the "right to be forgotten."
Plans to update the country's data protection laws were announced in a statement of intent on Monday. Digital Minister Matt Hancock said that the new law would support U.K. businesses and consumers alike.
"Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account," Hancock said in a statement on Monday.
Data protection law to 'prepare Britain for Brexit'
The digital minister added that the law would prepare the country's data protection rules for Britain's departure from the European Union.
"The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit," he said.
A legal expert told CNBC last month that U.K. businesses would still be forced to comply with the EU's data sharing rules.
"Brexit won't change how consumer data is handled in the U.K. - there won't be any reduction of rights or protection," Stewart Room, a legal expert on data protection at professional services firm PwC, told CNBC in July.
"Data protection law has never before been so specific and directly prescriptive about what is expected of data controllers and processors. Organizations will be required to be much more transparent with consumers about what they're doing with their data, even before they collect it and if something goes wrong."
The bill was first announced in July as part of the Queen's Speech, which opens parliament. It will move through U.K. parliament when lawmakers return from the summer break in September.
The EU's GDPR will come into effect as of May next year.
Punishment for breaking data protection laws
Firms that don't comply with the policy could face hefty fines. The new legislation would give the Information Commissioner's Office the power to fine companies that break the law up to £17 milllion ($22.2 million), or 4 percent of global turnover.
The current maximum fine companies can incur for breaching data protection laws is £500,000 ($652,500).
Proposals included in the bill would:
- Make it simpler to withdraw consent for the use of personal data
- Allow consumers to request for the deletion of their data
- Let parents and guardians give consent for their child's data to be shared
- Expand the definition of 'personal data' to include things like IP addresses and internet cookies (data which is stored when you browse the internet)
The legislation would also create new criminal offences for organizations that "either intentionally or recklessly" allow users to be identified from encrypted data.
"We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public," Elizabeth Denham, information commissioner said in a statement.
The law allows consumers the right to force social media companies to remove information which they may have posted as a child.
Facebook told CNBC that it is already in compliance with EU data protection laws, and that it would be ready for the implementation of the new data sharing framework.