The government has announced that it is introducing exceptions in the new Data Protection Bill to protect journalists, anti-doping agencies, and financial firms that collect data on money laundering and terrorist financing.
New exemptions in the Data Protection Bill will stop terrorists, money launderers and other criminals from misusing the new law.
Back in August, the government announced its new Data Protection Bill which would ‘give people more control over their data, require more consent for its use, and prepare Britain for Brexit’.
The law is aimed at enhancing protections around customer data, giving people more control over their data, and penalising firms that fail to secure or protect sensitive data belonging to their customers. The law will enhance fines from the existing £500,000 to up to £17 million or 4 per cent of global turnover.
Once the new law comes into effect, companies will be required to obtain explicit consent from people before collecting their personal data or storing them for any purpose. Aside from personal information like names, addresses, email addresses, phone numbers and government ID numbers, such data will also include IP addresses, DNA, and cookies.
At the same time, companies will have to respect any customer’s request to have his data amended or deleted from their servers. Consent will not be permanent and citizens will be able to withdraw their consent anytime they wish to do so.
To ensure that such regulations are not misused by people on the wrong side of the law for their personal benefit, the government is introducing several exemptions to ensure that ‘UK businesses and organisations can continue to support world-leading research, financial services, journalism and legal services’.
The exemptions would ensure that anti-doping agencies will be able to access personal data of athletes without their express consent for the purpose of maintaining the integrity of professional sports. At the same time, journalists will also be able to access sensitive or company data without having to obtain consent, as long as it is in the public interest and to expose wrongdoing.
Certain financial firms who collect sensitive data to detect money laundering, embezzlement or financial crimes will also be exempted from the Data Protection Law. This will ensure that companies that are accused of malpractice will not be able to withdraw their consent during investigations. Scientific and historical research organisations will also be exempted so as not to hinder their research work.
Apart from these exceptions, the government will also introduce a framework for intelligence and security agencies so that they are able to coduct their investigations while protecting the rights of victims, witnesses and suspects at the same time.
Simon Migliano, Head of Research at Top10VPN.com, believes that even though the government is defining modern data like IP addresses, internet cookies and DNA as protected personal data, it is unclear if it will be able to catch up to the fast-evolving technology space. For example, Face ID in iPhone X is a new form of personal data that finds no mention in the Data Protection bill.
“With this, it’s becoming even more important for consumers to not rely on the government to make these changes as such, but take the matter into their own hands. Understanding who, what and when you are sharing your personal information with will go a long way to protecting yourself,” he adds.