UK Data (Use and Access) Bill

The Data (Use and Access) Bill had its first reading in the Lords on 23 October 2024.  This step is merely a formal introduction of a bill.  No date has yet been set for its debate in the Lords.  The bill will need to pass through the House of Lords and then the Commons before it can receive royal assent and become law.  It is however supported by the ruling Labour party so will probably have a relatively easy ride.  The previous government’s UK – Data Protection and Digital Information (No. 2) Bill covered some similar ground but was dropped on 24th April 2024.

The official summary for the new Bill is that it will regulate digital identity providers.  This would include services such as a credit checker, profession based discount scheme or banking through a phone app.  There are no plans to bring in digital identity cards and use of digital identity services will be voluntary.  Approved providers will need to follow rules on implementing data privacy including preventing them ‘profiling’ their users for 3rd party marketing.

In wider terms the Bill intends to ‘unlock the secure and effective use of data for the public interest’.  It will do this with new rules and safeguards on how data is shared and used particularly within public services.  In a rare case of getting its ducks in a row the data sharing principle supports the NHS Federated Data Platform.  Kindus has already discussed that the current laws might act against this computerised solution.  The Bill could also ease any legal issues with a planned move to allow patients full access to their medical records on an NHS App. The UK Data (Use and Access) Bill will probably overcome these issues although not any underlying problems from sharing personal data.

Details within the law will probably change as it is debated in Parliament but core concepts include:

  • Digital verification services will be governed by a register and trust framework.
  • Information standards are set for UK Health and Social Care.
  • Underground assets such as pipes and cables will be logged in a national register.
  • Research will be easier with a new research data access regime.
  • New controls on automated decision making software.

Some updates will involve modifying existing legislation including the 2018 UK GDPR Act and Data Protection Act 2018.

More from Security

04/12/2024

Sitting Duck Attacks

The Sitting Duck attack revolves around taking control of a domain and then using it to distribute malware or as a source for phishing …

Read post

25/11/2024

Developers Hit By Compromised Software Packages

A Typosquat campaign uses slight variations on well-known names to mislead a user to access a rogue rather than genuine asset.  It is well …

Read post

28/10/2024

Zero-Day Attacks

In October 2024 Google Mandiant reported on 138 exploited vulnerabilities since 2023.  They concluded there had been an increase in the number and speed …

Read post

14/10/2024

SSL Certificate Renewal

SSL/TLS authentication is part of the encryption suite to ensure that a requester is who they say they are and to grant or refuse …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories