In May 2018, Parliament passed the Data Protection Act 2018
which, together with the General Data Protection Regulation
, imposes strict obligations on data controllers, including social media platforms. Social media
organisations must be clear with people how their data is going to be used and only process it where there are lawful grounds to do so. The legislation also strengthens the rights of individuals to access their own data, object to its continued use or seek to rectify, erase or move it. Organisations which fail to comply with the new legislation may be investigated by the Information Commissioner
’s Office and subject to increased fines.
For those who commit serious breaches there are significant financial penalties including fines up to £18 million or 4% of global turnover that can be applied as well as the backstop of criminal prosecution.
We worked closely with the Information Commissioner during the passage of the Bill and in the wake of the Facebook/Cambridge Analytica
controversy to make sure she had the powers she needed to investigate complex data breaches in our increasingly digital economy and society.