Online shoppers will win control over the data retailers hold on them when upcoming legislation comes into force in the UK next year.
The Government’s statement this week that it intends to update and strengthen data protection laws through a new Data Protection Bill should end uncertainty about whether UK retailers need to comply with the provisions of the European Union’s GDPR (General Data Protection Regulation), since the terms of both look set to be broadly similar.
Under the new regulations, expected to be in force by the end of May next year, individuals, including online shoppers, will be able to ask businesses, such as retailers, and social media companies, to erase personal data that they hold on them. It will be both easier and free for individuals to find out what personal data an organisation holds on them, and to move their data between service providers.
Traders will also have to stop using default opt-outs or pre-selected tick boxes, often ignored, to gain consent to collect personal data. The definition of personal data expands at the same time to cover IP addresses, internet cookies and DNA.
The Information Commissioner’s Office (ICO) will have the power to issue fines of up to £17m, or 4% of global turnover, for the most serious data breaches.
Matt Hancock, minister of state for digital, said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.
The new Data…