United Kingdom: Data (Use and Access) Bill including data protection authority governance was passed by House of Lords (Bill 40 of 2024–25)

On 5 February 2025, the Data (Use and Access) Bill was passed by the House of Lords. The Bill introduces a framework to regulate the access, sharing, and protection of customer and business data across various sectors. The Bill empowers the Secretary of State and the Treasury to create regulations governing how businesses must handle customer data, including provisions for customers or authorised persons to request their data. The Information Commissioner is tasked with enforcing these regulations, and the Bill includes a range of enforcement mechanisms, such as financial penalties and compliance notices for non-compliance. Interface bodies may be established to oversee data-sharing frameworks, ensuring that businesses adhere to the regulations. In the financial services sector, the Financial Conduct Authority (FCA) is given powers to impose additional data-sharing requirements, monitor compliance, and issue penalties for breaches. Further provisions address the use of data for public services, such as improving smart meter communication services and the retention of information by internet service providers in investigations related to child deaths.