UK Government Introduces New Data Governance Legislation

The UK government has introduced new legislation to govern personal data use and sharing through digital technologies.

The Data (Use and Access) Bill provides a framework for digital verification services, enabling companies who provide tools for verifying identities to gain a government certified “trust mark.”

The trust mark will be a new logo to show digital verification services are approved by the newly created Office for Digital Identities and Attributes (OfDIA) within the Department for Science, Innovation and Technology (DSIT).

This is designed to boost trust in the security and privacy of digital verification services, leading to increased efficiency across different areas of life, including collecting parcels, opening bank accounts and moving house.

Commenting on the digital verification component of the bill, Julie Dawson, Chief Policy & Regulatory Officer at Yoti, said: The establishment of the Digital Verification Service (DVS), which builds on and expands the previous Digital Identity & Attributes Trust Framework into a broader and more structured regulatory foundation, will enhance confidence in digital identities. This will enable individuals and businesses to securely access services, reduce fraud, and strengthen data privacy protections.”

The previous Conservative government had in 2022 unveiled plans to introduce legislation to improve the security of digital identity solutions, including the creation of the ODIA to issue an easily recognized trustmark to certified digital identity organizations.

In September 2024, the EU unveiled the European Digital Identity (EUDI) Regulation, which will mandate member states to offer citizens and businesses Digital Identity Wallets. This regulation will force digital ID providers to adhere to cybersecurity requirements to boost confidence in these solutions.

Public Services’ Access to Personal Data

The bill also contains measures to enable NHS staff and police forces to more easily access personal data, designed to improve efficiency and reduce costs across these services.

NHS Trusts, GP surgeries and ambulance services will be allowed to access patient health information in real time. This will require IT suppliers for the health and care sector to ensure their systems meet common standards to enable data sharing across platforms. The government estimates this will free up to 140,000 hours of NHS staff time every year.

Police officers will no longer have to undergo manual logging requirements whenever accessing personal data to work on a case, for example when they need to look up a suspect or person of interest on the police database. It is estimated this will free up to 1.5 million hours of police officers time per year.

The government said that “vital safeguards” will be in place to track and monitor how personal data is used across these services.

Technology Secretary Peter Kyle commented: “With laws that help us to use data securely and effectively, this Bill will help us boost the UK’s economy, free up vital time for our front-line workers, and relieve people from unnecessary admin so that they can get on with their lives.”

Another component of the bill is the creation of a researcher data access regime, which can support independent research of online safety trends.

Revamped Information Commissioner’s Office

The UK’s data protection regulator, the Information Commissioner’s Office (ICO), will be revamped with a new structure and powers of enforcement under the law.

The ICO will be renamed the Information Commission, with the office of Information Commissioner abolished.

The Data (Use and Access) Bill was introduced to Parliament on October 23, and has undergone its first reading in the House of Lords.