DCMS consultation on data privacy fails to explain why it matters

The General Data Protection Regulation (GDPR) sets out many new rights for UK citizens, including better notions of consent, the right to obtain and download your information, and to delete it at a company. You can also find out more about profiling and automated decision-making. There are big fines available when companies don’t comply after it comes into force in mid 2018.

However, many of the new rights will depend on enforcement. One of the better ideas in the regulation is to allow privacy groups to represent citizens in complaints, without having to find specific people who have been directly affected. The GDPR requires member states to choose to allow this, or not, in Article 80(2). We of course very much believe this should be legislated for.

There is a consultation being run by DCMS until Wednesday 10 May on all the different options allowed under the GDPR—and there are quite a few.

However, this consultation is another very disappointing piece of work. Shoddy, even, because it calls for evidence and views, but sets out no background at all for the consultation, so only experts can practically respond. It merely states:

Theme 9 – Rights and Remedies

Rights and Remedies

The derogations related to Rights and Remedies include articles:

Article 17 – Right to erasure (‘right to be forgotten’)

Article 22 – Automated individual decision-making, including profiling Article 26 – Joint controllers

Article 80 – representation of data subjects

Government would welcome your views on the derogations contained in the articles above. Please ensure that you refer to specific articles/derogations.

There is no way that an average reader could understand the implications of this consultation, which, just like the recent Home office consultation on the IP Act Codes of Practice, means that the consultation