In a surprising turnaround from its previous stance, the UK government has said that its citizens' online privacy is actually important - and has introduced new legislation supporting that.
This is the same government that plans to force tech companies to break encryption so that it can spy on every move you make online - now revealing plans to introduce a new Data Protection Bill that will give Brits better control of their online data.
The bill will give citizens a "right to be forgotten" by companies, said digital minister Matt Hancock, and will require people to give explicit consent for their information to be collected online, rather than firms relying on pre-selected tick boxes.
A government press release announcing the legislation, which will bring the UK's laws into line with the EU's General Data Protection Regulation (GDPR), which comes into force in May 2018, will also:
- Allow people to ask for their personal data held by companies to be erased;
- Enable parents and guardians to give consent for their childrens' data to be used;
- Expand the definition of personal data to include IP addresses, internet cookies and DNA;
- Make it easier and free for individuals to require an organisation reveal the personal data it holds on them; and
- Create new criminal offences to deter organisations from intentionally or recklessly creating situations where someone could be identified from anonymised data.
"Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account," Hancock said.
"The new data protection bill will give us one of the most robust, yet dynamic, sets of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world, and this new law will help it to thrive."
The Data Protection Bill will also give extra powers to the UK's Information Commissioner's Office (ICO) to issue fines of up to £17bn, or four per cent of global turnover (again in-line with the GDPR), in cases of the most serious data breaches.
This has been welcomed by Elizabeth Denham, Information Commissioner, who said: "We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public."
The bill, which was announced in the Queen's Speech earlier this year, will be introduced in Parliament when MPs and peers return from the summer break in September.
The reaction by the infosec community to the legislation has been positive. Greg Day, VP and chief security officer EMEA of Palo Alto Networks, told V3, "The UK government's statement of intent on a Data Protection Bill...gives welcome certainty and direction to the country's business and cybersecurity leadership... The UK's forthcoming bill, which will serve to implement GDPR within the UK, makes it clear that this country wants to be a beacon of excellence for how organisations protect and secure personal data, including by preventing successful cyberattacks, and give individuals control over how their personal data is used."
With £6.7m in initial funding, Mosa Meat could be the first company to offer lab-grown meat to the public
Manufacturing and finance jobs will be hit, but health and education can look forward to job creation, says PwC
US startups plan to modify existing jet engines, but are likely to fall foul of environmental legislation
The Brexit white paper "gets pretty close" to company desires, but there's still work to do