UK's Data Bill Paves the Way for Digital ID and Data Reform

The Data (Use and Access) Bill (DUA) could become law in just a month’s time. This bill is a welcome sign of greater clarity in the UK government’s overall direction on digital identity and data management. The bill has answered seven fundamental questions as to whether the government is using the data it has. It makes big strides to re-orientate how private companies should distribute information. This silence extends to the retention of biometric data and the assessment of international data transfers.

Key Provisions of the Data (Use and Access) Bill

The new Data (Use and Access) Bill (DUA) includes new provisions that would severely affect online service providers and data practices. It also requires that online service providers keep detailed records related to keeping children safe online. For one, the bill expands consent rules—like those currently applying to browser cookies—to behavioral biometrics and analytics data.

Additionally, the bill modifies the UK General Data Protection Regulation (GDPR) to establish looser criteria for automated decision-making. Collectively, these changes are aimed at striking a better balance between protecting consumer data and addressing the realities of businesses’ and technology’s rapid evolution.

The Department for Science, Innovation and Technology (DSIT) has, understandably, been very hands-on with the Data (Use and Access) Bill (DUA). The bill lays the groundwork for additional regulations on the ways that businesses can share non-personal and personal data.

Digital ID and Verification

The Data (Use and Access) Bill (DUA) would create a crucial legal infrastructure. This is important groundwork for increasing adoption of digital verification. The bill calls for the establishment of an office specifically responsible for digital ID. This measure is an indication of the federal government’s willingness to implement digital identity solutions on a wider scale, across the public and private sectors.

OfDIA is closely related to the Data (Use and Access) Bill (DUA). Biometrics retention The Data (Use and Access) Bill (DUA) introduces amendments on biometrics retention.

AI and Copyright Considerations

The U.S. government has signaled intent to explore the intersection of copyrighted material and AI with a three-part set of reports. The Government will publish an interim report detailing its proposals. For this reason, we are looking for a date six months from when the Data (Use and Access) Bill (DUA) gets Royal Assent.

A subsequent final report will come three months after the interim report. As such, these reports will almost certainly inform the future policymaking related to AI’s use of copyrighted content.

Written evidence to the Data (Use and Access) Bill (DUA) can be submitted until August 21.