Published on Mar 18, 2025
The UK's Data (Use and Access) Bill was introduced to Parliament in October 2024 and is making significant progress though the legislative process. It aims to streamline data sharing and usage in the UK by allowing organisations to access and use personal data more easily for research, public service improvement, and economic growth. It’s trying to balance the promotion of innovation whilst protecting individuals’ data and protecting their privacy rights.
As it progresses through legislative stages, several key changes have emerged that will impact businesses, individuals, and the broader digital landscape. Some of these include:
Under the current UK General Data Protection Regulation (GDPR), organisations relying on "legitimate interests" as a lawful basis for data processing must ensure these interests do not override individual rights. The new Bill proposes a list of "recognised legitimate interests," including crime prevention and national security, where this is not required.
This is one of the most contested parts of the Bill and will doubtless be endlessly debated until the Bill is passed in whatever form. The debate is about whether automated decisions and protections of an individual’s rights should be weakened or strengthened. Proposed changes include the removal of the general prohibition (subject to safeguards) and further restrictions about decisions involving special category data, such as health information.
Procedures which are currently in the Information Commission Office’s guidance are being made statutory.
Procedures which are currently in the Information Commission Office’s guidance are being made statutory. But these differ in material respects from the EU GDPR.
Amendments in the House of Lords have introduced the concept of "higher protection matters" concerning children's data. Controllers are now required to consider how best to protect and support children using their services, acknowledging that children may be less aware of data processing risks. This change reinforces the need for businesses to implement strict measures when handling data related to children.
Recent amendments require increased transparency from web crawlers and AI developers. They must disclose their data collection practices, particularly when accessing copyrighted content. This move aims to protect intellectual property rights.
The Bill proposes abolishing the existing Information Commissioner's Office and replacing it with a new Information Commission. This change is intended to enhance regulatory oversight and adapt to the developing data landscape, ensuring more effective governance and enforcement of data protection laws.
As the Data (Use and Access) Bill advances through Parliament, businesses need to stay informed and understand how these changes may affect their operations and rights. Balancing innovation with privacy remains a core theme, with the aim of positioning the UK as a leader in the global digital economy whilst still safeguarding individual data rights.
To learn more about the latest developments and implications of the new Data (Use and Access) Bill, join our expert presenter, Mark Weston, on our course The New Data (Use and Access) Bill running on various dates throughout the year.
Published on Mar 18, 2025 by Mark Weston