New legislation will give people right to force online traders and social media to delete personal data and will comply with EU data protection

People will get a new right to force social media companies and online traders to delete their personal data under laws to be brought forward by the government this summer. Matt Hancock, the minister for digital, said it would amount to a “right to be forgotten” by companies, which will no longer be able to get limitless use of people’s data simply through default “tick boxes” online.

Plans to give people the right to request a deletion of social media posts from their childhood were floated by Theresa May during the Conservatives’ election campaign and legislation was promised in the Queen’s speech. However, the measures appear to have been toughened since then, as the legislation will give people the right to have all their personal data deleted by companies, not just social media content relating to the time before they turned 18.

The right to be forgotten is the right to have an imperfect past | Suzanne Moore Read more

The legislation will also give the Information Commissioner’s Office powers to issue tougher fines of up to £17m, or 4% of global turnover, for breaches of data law. But one of the main aims of the bill is to replace the data protection act and make sure that the UK’s laws are compliant with the EU’s general data protection regulation, so that data can continue to flow freely across borders after Brexit.

“Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account,” Hancock said.



“The new data protection bill will give us one of the most robust, yet dynamic, sets of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world, and this new law will help it to thrive.”

Facebook Twitter Pinterest Matt Hancock: ‘The new data protection bill will give us one of the most robust sets of data laws in the world’ Photograph: Jon Super/for the Guardian

Elizabeth Denham, the information commissioner, said data handlers would be made more accountable for the data “with the priority on personal privacy rights” under the new laws.

The definition of “personal data” will also be expanded to include IP addresses, internet cookies and DNA, while there will also be new criminal offences to stop companies intentionally or recklessly allowing people to be identified from anonymous personal data.



The laws are different from the “right to be forgotten” by search engines, which relates to a European court of justice ruling that led to people asking Google and other companies to take down links to news items about their lives.

Hancock is expected to reveal more details about the plans on Monday, but the legislation will not be published until after the summer recess.

The main aim of the legislation will be to ensure that data can continue to flow freely between the UK and EU countries after Brexit, when Britain will be classed as a third-party country. Under the EU’s data protection framework, personal data can only be transferred to a third country where an adequate level of protection is guaranteed.

The government has stressed that it is “keen to secure the unhindered flow of data between the UK and the EU post-Brexit”. But the EU committee of the House of Lords has warned that there will need to be transitional arrangements covering personal information to secure uninterrupted flows of data.

Shadow culture secretary Tom Watson said: “Labour’s manifesto committed to allowing young people to remove content shared on the internet before they turned 18, so we’re glad the government is taking action on this. As we are leaving the EU it is more important than ever that we have a robust data protection framework fit for the future.”