Documents to download

The Data (Use and Access) Bill [HL] was introduced in the House of Lords on 23 October 2024 where it completed its stages on 5 February 2025. The bill had its first reading in the House of Commons on 6 February 2025. Second reading is scheduled for 12 February 2025.

The bill is broadly similar to two earlier bills introduced under previous Conservative governments, neither of which progressed.

What are the bill’s policy objectives?

The Labour Party manifesto included a commitment to “deliver data-driven public services, whilst maintaining strong safeguards and ensuring all of the public benefit” (PDF).

The government has said the bill has three core objectives:

  • growing the economy
  • improving UK public services
  • making people’s lives easier

According to the government, the bill would “harness the enormous power of data to boost the UK economy by £10 billion, and free up millions of police and NHS staff hours”.  It would “unlock the secure and effective use of data for the public interest, without adding pressures to the country’s finances”. A government press release has said the bill’s measures will be central to delivering three of the government’s five missions to “rebuild Britain”:

  • kickstarting economic growth
  • taking back our streets
  • building an NHS fit for the future

The government has published factsheets on the bill’s objectives:

What would the bill do?

The bill has seven parts:

  • Part 1 covers access to customer and business data and aims to enable “smart data” to be used in sectors other than its current use in open banking in the finance sector
  • Part 2 would regulate the provision of digital verification services through the creation of a trust framework, a register of providers, an information sharing gateway, and a trust mark
  • Part 3 would put the national underground asset register on a statutory footing
  • Part 4 would update the way births and deaths are registered, moving from a paper-based system to an electronic register used by officials
  • Part 5 would make changes to the UK’s data protection regime
  • Part 6 would abolish the Information Commissioner’s Office and transfer its functions to a new body, the Information Commission
  • Part 7 would, among other things, make further provision about the use of, or access to, data in the following areas:
    • health and social care
    • smart meter communication services
    • public service delivery
    • online safety

Where would the bill take effect?

Data protection is a reserved matter so the bill’s changes to the Data Protection Act 2018 and the UK General Data Protection Regulation would extend to the whole of the UK, apart from one provision relating to the Information Commission’s seal, which does not extend to Scotland.

Other provisions in the bill would require legislative consent motions from the devolved administrations – for example, in relation to smart data. Annex A to the explanatory notes gives detailed information on the bill’s territorial extent and application.

More on the bill

The government has published supporting documents on the bill, including several impact assessments, a delegated powers memorandum, and a European Convention on Human Rights memorandum.

The bill in the House of Lords

The bill [HL Bill 40] (PDF) was originally introduced in the House of Lords on 23 October 2024. It had its second reading in the Lords on 19 November 2024. The bill was considered in committee over four sittings between 3 December and 18 December 2024.

Report stage took place on 21 and 28 January 2025. The government was defeated on amendments relating to:

  • digital verification services
  • the national underground asset register
  • the meaning of research and statistical purposes
  • copyright, web crawlers and AI
  • adding a data dictionary to the bill

The bill had its third reading in the Lords on 5 February 2025. A government amendment was agreed that would protect children’s personal data and ensure that online services likely to be accessed by children would be designed with their safety and privacy in mind.

Also at third reading, the Lords considered another government amendment to introduce an offence of creating of ‘deepfake’ intimate images without consent. It was agreed, but only after it had been amended (through amendments moved by Baroness Owen of Alderley Edge) to include an offence of soliciting creation, remove a defence of reasonable excuse, and allow for a custodial sentence as well as a fine.

Reaction to the bill

The Information Commissioner (ICO) is responsible for promoting and enforcing UK data protection law. The ICO has said the bill’s proposed changes “are pragmatic and proportionate amendments to the UK regulatory landscape”. These would “align well with the ICO’s enduring objectives and provide sufficient flexibility” for the ICO to respond to regulatory challenges.

Tech UK, the technology and trade association, has said the bill is “a welcome effort from the new government to unlock the power of data and marks an important step in modernising the UK’s data protection framework”.

The Direct Marketing Association, the UK trade association for the data and marketing industry, has said it fully supports the “government’s vision to unlock the power of data to grow the economy and improve people’s lives”.

The Open Rights Group, an organisation campaigning to protect digital rights and privacy, has said the bill is “a positive development and a step in the right direction”.  However, the group has concerns about some of the bill’s provisions, particularly in relation to the use of new technologies such as Artificial Intelligence (AI). It has sent an open letter to Peter Kyle, the Secretary of State for Science, Innovation and Technology asking the government to “scrap proposals to remove the right not to be subject to decisions made by automated or AI systems”.

Big Brother Watch, a civil liberties group, has claimed that the bill “contains grave threats to privacy and data protection rights in the UK” (PDF).


Documents to download

Related posts