On June 20th, the UK Parliament enacted the Data (Use and Access) Act 2025, a sweeping new law reshaping digital data rights, access, and governance in the post-GDPR era.
This law is about giving people and businesses in the UK, more control over their data. It allows access to personal and business information, sets rules for verifying people’s identities using digital services, and keeps track of information about things like underground cables and pipes.
It updates how birth and death records are managed and strengthens rules around privacy and how personal data is handled. It also creates a new Information Commission to oversee data and privacy matters.
The new law specified standards for how health and social care information should be managed, allows licenses for smart meter communication, and improves how data is shared to help deliver better public services. It also includes rules about keeping certain online information to help investigate the deaths of children and to support research on internet safety.
Other parts of the law deal with storing biometric data like fingerprints, using digital tools like electronic signatures and seals, and managing how AI systems can use copyrighted content. Individuals and businesses can now request and authorize third-party access to both customer and business data, including usage, pricing, and performance metrics. New definitions for consent (especially in scientific and law enforcement contexts), enhanced children’s data protection, and safeguards on automated decision-making have been added.
Kindly find attached the PDF of the new law: