UPDATE — SEPTEMBER 2025: The Data (Use and Access) Bill [HL] 2024–25 remains at an early stage in the UK Parliament. After its formal First Reading in the House of Lords on 18 July 2024, the government has slated the Second Reading for 12 September 2025, the first substantive debate on the bill’s principles. No line-by-line scrutiny or amendments have occurred yet, and the Commons has not considered the legislation.
Since introduction, industry groups, digital rights organisations and regulators have flagged concerns around expanded biometric data retention, the replacement of the Information Commissioner with a new Information Commission (and what that means for independence), and how the bill’s new customer/business data access rights intersect with existing regimes like Open Banking and smart energy data sharing. Businesses in finance, telecoms and energy are monitoring closely, but no commencement timelines have been set and enforcement details remain to be determined pending Lords and Commons scrutiny.
ORIGINAL NEWS STORY:
UK Government Introduces Data (Use and Access) Bill to Regulate Data Sharing and Access
The UK Parliament recently introduced the Data (Use and Access) Bill in the House of Lords,, marking a major step toward modernizing how personal and business data is managed across the country. The bill, developed by the Department for Science, Innovation and Technology, aims to set clearer rules for data sharing, retention, and oversight in sectors ranging from finance to telecoms.
Strengthening Rules for Customer and Business Data
A central goal of the bill is to give customers more control over their data. Under the bill, businesses will need to let customers access their information or authorize a third party to handle it. Companies will also need to be transparent about how they collect, store, and share data. Additionally, the Secretary of State and the Treasury would gain the power to issue regulations requiring data holders to provide or correct customer information. Supporters say these measures could increase trust and promote innovation across the digital economy.
New Biometric Data Provisions
The bill also sets out stricter rules for collecting and storing biometric data. Building on earlier laws such as the Counter-Terrorism Act 2008, it proposes updated safeguards for the retention and use of biometric identifiers. This would be in both law enforcement and civil registries. It clarifies how pseudonymized biometric data should be handled and sets limits on retention periods. Although the bill allows authorities to use this data for security purposes, it also stresses the importance of privacy, secure storage, and clear legal boundaries.
Creation of an Information Commission
One major structural change in the bill is the creation of a new Information Commission. Which will replace the current Information Commissioner. Therefore, the new body would oversee compliance, investigate data breaches, and issue penalties. The Commission is expected to work with businesses, public authorities, and other stakeholders. This keeps the UK’s data protection system aligned with global standards.
Updates to Energy and Public Service Data Rules
The bill also includes provisions related to smart meters and public service data sharing. Energy Act 2008 amendments would expand the Gas and Electricity Markets Authority’s role in regulating smart meter communications licenses. By improving how energy data is handled, the government aims to increase transparency and strengthen system reliability. The bill also allows public authorities to share information more efficiently to improve service delivery, while maintaining privacy protections.
What Comes Next
The bill must now complete stages in the House of Lords and then undergo scrutiny in the House of Commons. Lawmakers will debate the details as the legislation moves forward.
Need Help?
Keeping track of the growing AI regulatory landscape can be difficult. Therefore, if you have any questions or concerns, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
