With the Data (Use and Access) Bill (DUA) currently at Committee Stage in the House of Lords, it seems a good time to summarise what we know so far about Labour's new data protection bill. What is interesting is the focus on retaining our adequacy status with the EU - which is up for review in June 2025. As a result, many of the measures proposed in the DPDI, which were designed to lessen the accountability obligations of the UK GDPR, have not been included in the DUA. So there is still a need for businesses to appoint a DPO when mandated. There are no plans to make changes in relation to the requirements for Records of Processing Activities or Data Protection Impact Assessment.
This blog provides you with a brief summary of the key data protection impact of the DUA.
On Wednesday 23 October 2024, the UK Government published its Data (Use and Access) Bill ("DUA"). It promised to "harness the enormous power of data to boost the UK economy by £10 billion" and "unlock the secure and effective use of data for the public interest".
The DUA mirrors many of the concepts and provisions from the previous Government's abandoned Data Protection and Digital Information Bill ("DPDI"), though there are subtle changes. The DUA appears to place greater focus on data sharing and digital.
It is worth noting that the EU is set to review the UK’s data transfer adequacy status in mid-2025. Maintaining adequacy status is vital to the UK. (Possibly) as a result, some of the more contentious issues included in the discarded DPDI have been removed from the DUA.
With the mid-2025 adequacy review date in mind, the government will undoubtedly try to get the Bill through as quickly as possible. After two readings in the House of Lords, the Bill is now at Committee Stage.
The key points of the DUA are:
This list can be updated ongoing subject to parliamentary approval.
It is worth noting that the European Court of Justice has consistently ruled that any interest that is legal may be a legitimate interest – i.e. that a purely commercial interest can be a legitimate interest.
In addition, when conducting an LIA, it is acceptable to take into account not only the benefits to the individuals, but also so the environment (e.g. paper reduction), economy (e.g. generating growth and spending budgets in a targeted manner).
With the upcoming adequacy review in mind, it seems likely that the government is trying to get the Bill through as quickly as possible – it has already had two readings in the House of Lords and is currently at Committee Stage in the House of Lords.
If you would like help or assistance with any of your data protection obligations, please email dc@datacompliant.co.uk or call 01787 277742, And, for more information about your accountancy obligations - both before and after the DUA comes into force, please see here.
Data Compliant International
International data protection consultants and DPOs.
22 Friars Street, Sudbury, Suffolk, CO10 2AA
Email: dc@datacompliant.co.uk
Tel No.: +44 (0) 1787 277 742
We need your consent to load the translations
We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.