Question to the Department for Science, Innovation & Technology:

To ask Her Majesty's Government what steps they are taking to ensure that online platforms operating in the UK comply with data access and privacy requirements, in light of recent regulatory scrutiny of messaging services.

All organisations in the UK that provide online and messaging services to their customers have to comply with the requirements of UK’s data protection and privacy framework, as set out in the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR). The UK GDPR and the DPA also apply to online platforms based outside of the UK that are processing UK residents’ data for the purposes of providing goods and services or monitoring behaviour.

As such, the handling of people’s data by online platforms should be lawful, fair, transparent and secure. The data protection legislation gives people the right to be informed about the collection and use of their personal data, as well as rights to request access to their data, object to its processing or seek its erasure.

The Information Commissioner, the UK’s independent regulator for data protection, publishes a range of guidance to help organisations comply with the legislation and has the power to investigate and impose penalties for non-compliance.