Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the effectiveness of current obligations of tech companies to communicate to customers about how their data will be used.

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) impose obligations on tech companies to process customers’ personal data lawfully, fairly, transparently and securely, unless certain limited exemptions apply. Organisations must only process personal data where there are legitimate grounds to do so, and be clear with people about how and why their data is being used, such as through privacy notices.

The data protection legislation is monitored and enforced independently of Government by the Information Commissioner’s Office (ICO). The ICO has published guidance on transparency requirements here: https://ico.org.uk/for-organisations/advice-and-services/audits/data-protection-audit-framework/toolkits/accountability/transparency/.