Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on August 7, 2017

UK’s tough new ‘right to be forgotten’ legislation protects users by imposing huge fines


UK’s tough new ‘right to be forgotten’ legislation protects users by imposing huge fines

Britain’s data protection legislation could soon see its most significant overhaul in years, under proposals outlined by the current May government.

The biggest feature is that citizens will be able to ask online services to delete their data — particularly if it was posted when they were children. That’s huge, because who doesn’t have something ill-advised plastered on a MySpace or Livejournal account somewhere?

People will be able to request that any firm that holds their personal data — ranging from basic biographical details (i.e. their name) to their DNA — to delete it.

The landmark bill also expands the definition of personal information to include IP addresses, DNA and cookies.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Companies can refuse to delete something, however, on freedom of expression grounds, or if the data is of scientific or historical importance.

In addition, it requires that companies obtain explicit consent when they process sensitive personal information, and makes it easier for people to withdraw that consent, should they change their mind. It also makes it much easier to see what information companies hold on them, and transfers the European Union’s General Data Protection Regulation (GDPR) into UK law.

Backing up the new rules is a punitive regime of fines, which punish companies not only for breaking the new rules, but for losing customer data.

A company that suffers a data breach could see themselves fined up to £17 million ($22 million), or 4-percent of global turnover.

The current maximum fine is £500,000, although in reality, most data breaches are met with a slap on the wrist.

Talk Talk, which in 2015 lost the personal data of almost 157,000 customers, was only fined £400,000 ($522,000), while Pharmacy 2U, which sold its customer’s data to a marketing company, was slapped with a fine of just £130,000 ($170,000).

Ultimately, this is great news for consumers, and if the bill eventually becomes law, it will radically change the relationship between online services and users.

It’s inevitable that some businesses will complain, however, about the onerous nature of the fines, and the administrative overheads of having to comply with this new legislation. This is something few, I imagine, will have sympathy for.

Get the TNW newsletter

Get the most important tech news in your inbox each week.