Firms that don’t comply with the policy could face hefty fines. The new legislation would give the Information Commissioner’s Office the power to fine companies that break the law up to £17 milllion ($22.2 million), or 4 percent of global turnover.
The current maximum fine companies can incur for breaching data protection laws is £500,000 ($652,500).
Proposals included in the bill would:
- Make it simpler to withdraw consent for the use of personal data
- Allow consumers to request for the deletion of their data
- Let parents and guardians give consent for their child’s data to be shared
- Expand the definition of ‘personal data’ to include things like IP addresses and internet cookies (data which is stored when you browse the internet)
The legislation would also create new criminal offences for organizations that “either intentionally or recklessly” allow users to be identified from encrypted data.
“We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public,” Elizabeth Denham, information commissioner said in a statement.
The law allows consumers the right to force social media companies to remove information which they may have posted as a child.
Facebook told CNBC that it is already in compliance with EU data protection laws, and that it would be ready for the implementation of the new data sharing framework.