Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what steps his Department is taking to help prevent the public provision of personally identifiable information online.

All organisations in the UK that process personal data must comply with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).

The legislation sets out a series of principles with which organisations must comply. These include the need to process personal data lawfully, fairly, transparently and securely, unless certain limited exemptions apply. The legislation also gives people rights in relation to their personal data, such as the right to seek access to it, object to its processing or seek its erasure.

The legislation does not prevent individuals posting personal data online if it is done for domestic purposes, such as messaging friends, or sharing photos with their social networks, but the platforms that host the data will be subject to the legislation.

If individuals are concerned that organisations are processing their personal data unlawfully, they can complain to the Information Commissioner's Office which is responsible for regulating the legislation.