The Data (Use and Access) Act 2025 is a comprehensive piece of legislation enacted in the UK to modernize data governance, enhance transparency, and regulate the use and sharing of data across sectors. It builds upon earlier frameworks like the Data Protection Act 2018 and the UK GDPR, addressing emerging challenges in digital verification, data privacy, and cross-sector data access. The Act reflects the growing importance of data in economic and public services, aiming to balance innovation with robust safeguards for individuals and businesses.
The Act is divided into eight parts, covering:
Access to Customer and Business Data: Establishes rules for data holders (e.g., traders) to share customer and business data with authorized parties, promoting competition and consumer rights while enforcing safeguards.
Digital Verification Services (DVS): Introduces a trust framework and register for reliable digital identity verification, including provisions for a "trust mark" to certify compliant services.
National Underground Asset Register: Mandates a centralized register for underground infrastructure data to improve safety and coordination in construction and utilities.
Registers of Births and Deaths: Modernizes record-keeping by transitioning to digital formats and streamlining administrative processes.
Data Protection and Privacy: Aligns with and expands the UK GDPR, clarifying lawful processing, consent requirements, and special categories of data. It also addresses automated decision-making and international data transfers.
The Information Commission: Replaces the Information Commissioner’s Office with a broader Information Commission to oversee data-related functions.
Other Provisions: Includes measures on smart meters, public service delivery, biometric data retention, and copyright issues related to AI.
Final Provisions: Covers technical aspects like enforcement, penalties, and transitional arrangements.
Key Themes:
Transparency: Enhances individuals' control over their data.
Innovation: Facilitates data sharing for research and public services.
Security: Strengthens protections for sensitive data and critical infrastructure.