What happened
The Data Use and Access Bill, introduced on October 24, 2024, by the Department for Science, Innovation and Technology (DSIT), is the latest update in the UK’s data protection reform efforts, evolving from the previous Data Protection and Digital Information Bill (DPDIB). The bill seeks to streamline data management and access for citizens, businesses, and public services, while also refining various privacy protections and regulatory aspects.
Key proposals in the bill include:
Recognised Legitimate Interests: Certain activities, like public security, national security, emergencies, and safeguarding, are now considered “legitimate by default” and don’t require a full assessment.
Purpose Limitation: Expands conditions under which data processing for a new purpose is deemed compatible with the original data collection purpose.
Automated Decision-Making: The scope of Article 22 UK GDPR is limited to decisions using special category data, reducing individual rights over other types of automated decision-making.
Data Subject Rights: Retains amendments to Article 15 UK GDPR, with clearer rules on response times and a “reasonable and proportionate” data search requirement.
ICO Reform: Adds new powers for the Information Commissioner’s Office (ICO), allowing it to reject or charge for complaints it deems “manifestly unfounded or excessive.”
International Data Transfers: Adopts a data protection test to assess data adequacy for third-country transfers, as defined by the UK government.