Personal data

Policy actions sorted A-Z.

Create a strong data protection organisation

A data protection organisation, which understands current risks and capabilities, exists to protect people’s information rights.

Related policy actions: Data protection, Personal data, Regulation

Enable access to digital products and services after death

People have the right to pass on or delegate access to digital products and services after they die so that their digital legacy can be maintained by a trusted person. New organisations may be required to oversee this process.

Related policy actions: Fair and clear ownership, Personal data, Social networks

Enable people to access data held about them in an agreed format

People have the right to directly access, in a standardised format, data held on them by data controllers so they can understand what is held about them and by whom, correct errors and reuse the data elsewhere.

Related policy actions: Disclosure, Markets, Personal data, Redress

Enable people to move their data between services

People have the right to port their data between service providers so that they have genuine choice of providers. This is distinct from “enable people to access data held about them in an agreed format” in that the particular data about a consumer isn’t readily accessible to them, but a transfer between services can be made.

Related policy actions: Choice and competition, Markets, Personal data, Redress, Regulation, User experience

Enable people to request and correct data held about them

People have the right to find and request access to data held about them by data controllers so that they can understand what is held about them and by whom, and correct errors.

Related policy actions: Data protection, Personal data, Regulation, Transparency

Enable people to view access history of data held about them

People can access a history of who has viewed data held about them, so they can understand what is happening to their data and spot fraud and misuse.

Related policy actions: Data protection, Fraud, Personal data, Redress, Regulation, Security, Transparency

Establish digital personhood

Establish the legal concept of “digital personhood” so that rights afforded to people in the physical world are made applicable on digital platforms.

Related policy actions: Fair and clear ownership, Legislation, Personal data, Regulation

Maintain a register of data controllers

The national data regulator maintains a searchable database of data controllers so consumers can find their point of contact and easily retrieve their data policies.

Related policy actions: Infrastructure, Open data, Personal data, Regulation

Provide for the right to be forgotten

Legislation allows private individuals to request that a data controller remove outdated or inaccurate information that might cause personal distress.

Related policy actions: Personal data, Privacy, Regulation

Regulate the processing of children's data

Digital services should be forced to limit the way they use children’s data. This ensures children’s right to privacy is maintained when they may not be in a position to make their own consent decisions.

Related policy actions: Data protection, Personal data, Privacy

Require services to monitor for consumer fraud

The law requires services to monitor for suspicious authentication, for example signing in from another country, so fraud and data theft can be prevented.

Related policy actions: Disclosure, Fraud, Personal data, Security

Require the reporting of data breaches

Data controllers are compelled to publicly report data breaches so that the public knows a breach has occurred and can take action where possible, and to incentivise data controllers to maintain secure data handling practices.

Related policy actions: Data protection, Disclosure, Personal data, Privacy, Regulation, Security, Transparency

Require the use of multi-factor authentication

The law requires the use of strong customer authentication for certain kinds of service.

Related policy actions: Data protection, Personal data, Regulation, Security

Right to consumer privacy

Data controllers handle and protect personal data that is generated through consumer transactions to protect the privacy of consumers.

Related policy actions: Access, Data protection, Education and awareness, Personal data, Privacy, Redress, Regulation

Set and enforce data security standards

Government or industry bodies agree a set of standards for securing specific data and transaction types so that people can expect a minimum level of security.

Related policy actions: Data protection, Personal data, Privacy, Security

Set maximum terms for consent refresh

Consumers should be asked to renew their consent for data to be shared after a maximum period to ensure they are aware their data is being used and to provide an opportunity to reassess whether they want their data to be used.

Related policy actions: Fair and clear ownership, Personal data

Set maximum terms for data retention

Set a limit on how long digital services can keep data after collection to mitigate the risk that old data may not reflect consumers at present.

Related policy actions: Personal data

Set punitive measures for data breaches

Laws and processes exist to prosecute data controllers in the event of a data breach. Punitive measures are intended to incentivise data controllers to better protect consumers’ data to avoid punishment.

Related policy actions: Data protection, Personal data, Privacy, Regulation