UK Data (Use and Access) Bill
The Data (Use and Access) Bill had its first reading in the Lords on 23 October 2024. This step is merely a formal introduction of a bill. No date has yet been set for its debate in the Lords. The bill will need to pass through the House of Lords and then the Commons before it can receive royal assent and become law. It is however supported by the ruling Labour party so will probably have a relatively easy ride. The previous government’s UK – Data Protection and Digital Information (No. 2) Bill covered some similar ground but was dropped on 24th April 2024.
The official summary for the new Bill is that it will regulate digital identity providers. This would include services such as a credit checker, profession based discount scheme or banking through a phone app. There are no plans to bring in digital identity cards and use of digital identity services will be voluntary. Approved providers will need to follow rules on implementing data privacy including preventing them ‘profiling’ their users for 3rd party marketing.
In wider terms the Bill intends to ‘unlock the secure and effective use of data for the public interest’. It will do this with new rules and safeguards on how data is shared and used particularly within public services. In a rare case of getting its ducks in a row the data sharing principle supports the NHS Federated Data Platform. Kindus has already discussed that the current laws might act against this computerised solution. The Bill could also ease any legal issues with a planned move to allow patients full access to their medical records on an NHS App. The UK Data (Use and Access) Bill will probably overcome these issues although not any underlying problems from sharing personal data.
Details within the law will probably change as it is debated in Parliament but core concepts include:
- Digital verification services will be governed by a register and trust framework.
- Information standards are set for UK Health and Social Care.
- Underground assets such as pipes and cables will be logged in a national register.
- Research will be easier with a new research data access regime.
- New controls on automated decision making software.
Some updates will involve modifying existing legislation including the 2018 UK GDPR Act and Data Protection Act 2018.