Research and analysis

Data (Use and Access) Bill IA: RPC opinion (green rated)

Regulatory Policy Committee opinion on the impact assessment (IA) relating to the Data (Use and Access) Bill

Documents

RPC opinion: Data (Use and Access) Bill

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email [email protected]. Please tell us what format you need. It will help us if you say what assistive technology you use.

Details

The Data (Use and Access) Bill was introduced to Parliament on 23 October 2024 and seeks to update and simplify the UK’s data protection framework, It includes measures relating to areas such as digital identity and ‘smart data’ and other areas of policy.

The RPC previously issued a ‘fit for purpose’ opinion on the IA relating to the Data Protection and Digital Information (DPDI) Bill introduced in the previous parliament (in March 2023) - here.

The current IA sets out the differences between the present Data (Use and Access) Bill and the DPDI Bill. It provides sufficient evidence and analysis for the RPC to be able to validate a revised EANDCB figure. The assessment of impacts on small and microbusinesses is sufficient.

There are some areas for improvement in the wider analysis. The IA notes that indicative analysis of those measures in the current Bill, which formed part of the DPDI Bill, has been updated to reflect consultation responses, discussions with cross-government experts and external consultants, and assessment of the latest available literature. The present IA also assesses the impact of new measures included in the current Bill, which were not in the DPDI Bill, and where substantial changes have been made to previous proposals. These changes include:

  1. Previously separate legislation proposed in the last parliament to establish a National Underground Asset Register (NUAR) has been included in this Bill. An IA related to this was rated ‘fit for purpose’ by the RPC in October 2023; the present IA updates the analysis for this.
  2. Removal of measures reforming the accountability framework, subject access requests, data minimisation and anonymisation policies and high-risk processing.
  3. Revisions to other measures, including the addition of processing in reliance on relevant international law, power to add categories of sensitive processing, supporting police to retain biometrics received as part of international cooperation and clarifying conditions on the use of international processors by UK competent authorities.

Updates to this page

Published 25 October 2024

Sign up for emails or print this page