What significant change does the data Use and Access Act 2025 introduce?

Asked by: Karina Keeling  |  Last update: June 10, 2026
Score: 4.6/5 (38 votes)

The Data (Use and Access) Act 2025 (DUAA) introduces significant changes by streamlining cookie consent for low-risk uses, creating "Smart Data" schemes for data sharing, broadening definitions for "scientific research," introducing "recognized legitimate interests" as a lawful basis, and clarifying rules for subject access requests and children's data, all aimed at balancing data innovation with privacy, particularly in the UK.

What are the changes in the data Use and Access Act?

The Act introduces a new lawful ground for processing personal data, giving businesses more confidence to use data for crime prevention, safeguarding, responding to emergencies, and other specified legitimate interests.

What is the data Use and Access Act 2025 privilege?

New legal professional privilege exemption: it allows you to restrict people's right to access their personal information if it is subject to legal professional privilege.

What is predicted in 2025 for data protection?

With 2025 expected to bring significant changes in the sector, key trends include: More stringent global regulations. Greater adoption of AI and machine learning for data protection. Increased use of advanced encryption and anonymization techniques.

What is the significance of the Data Protection Act?

Data protection law sets out what should be done to make sure everyone's data is used properly and fairly. You probably have personal data about your customers and clients such as names, addresses, contact details. You might even have sensitive information such as medical data.

Introduction to the Data Use and Access Act 2025

37 related questions found

What is the purpose of the Data Act?

The Data Act aims to boost Europe's data economy. One of its main objectives is to increase data-based value creation and promote innovation in Europe. Data from connected products and related services are at the centre of the Data Act.

What are the three rules of the Data Protection Act?

Data Protection Act 1998 principles

Principle 1 – Fair and Lawful. Principle 2 – Purposes. Principle 3 – Adequacy.

What major events will happen in 2025?

Events

  • Poland takes over the Presidency of the Council of the European Union, after the Hungarian presidency.
  • Bulgaria and Romania complete the process of joining the Schengen Area, lifting land border controls.
  • Liechtenstein becomes the 37th country to legalize same-sex marriage.

What is the theme of data protection 2025?

The Federal Privacy Council is proud to be a champion for Data Privacy Week 2025, a global effort to raise awareness about the importance of respecting privacy, safeguarding data, and enabling trust. The National Cybersecurity Alliance has announced that this year's Data Privacy Week theme is Take Control of Your Data.

Why is everyone updating their privacy policy in 2025?

TL;DR: State data privacy laws rapidly expanded in 2025, introducing new requirements for sensitive data, AI profiling, and universal opt-out signals. Businesses need adaptable, privacy-by-design compliance strategies to manage rising multi-state regulatory complexity.

What are the 7 key principles of the data protection Act?

Broadly, the seven principles are :

  • Lawfulness, fairness and transparency.
  • Purpose limitation.
  • Data minimisation.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality (security)
  • Accountability.

What is the 2025 data privacy law?

In 2025, roughly half of states with existing privacy statutes—including Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and Kentucky—approved significant amendments that either expanded coverage to more businesses, refined key definitions, or enhanced regulator authority and enforcement tools.

What is the Privacy Act Modernization Act of 2025?

The Privacy Act Modernization Act of 2025

The Privacy Act Modernization Act strengthens protections for personal data held by the government, and makes it easier for Americans to sue for violations, like DOGE's unfettered access to Americans' sensitive personal information.

What are the two types of data access?

What are the types of data access?

  • Sequential access: Data is accessed in a specific, linear order, such as reading a file line by line. ...
  • Random (or direct) access: Data can be accessed at any point without reading previous data, such as accessing a specific record in a database using a key.

What are the two main goals of data protection and privacy laws?

Data privacy helps ensure that sensitive data is only accessible to approved parties. It prevents criminals from being able to maliciously use data and helps ensure that organizations meet regulatory requirements.

What will happen on July 9, 2025?

THE working class of the country is all set to go on a massive countrywide general strike on July 9, 2025. Standing shoulder to shoulder with the working class will be the peasantry – both peasants and agricultural workers, who will be flooding the streets across the country in solidarity with the workers.

What danger is coming in 2025?

Dangers for 2025 include escalating state-based armed conflicts, intensified climate crises (extreme weather, rising temperatures), worsening economic instability, threats from advancing AI and cyber-terrorism, and ongoing humanitarian crises in regions like the Middle East, Sudan, and Myanmar, all amplified by societal polarization and misinformation. The Doomsday Clock also reflects heightened risks, moving closer to midnight due to AI and nuclear threats. 

Who predicted the end of the world in 2025?

Nostradamus predictions 2025- Meteor Strike: A Cosmic Threat

Perhaps the most terrifying prediction involves a massive meteor or cosmic fireball threatening Earth. According to reports from Penn Live, Nostradamus ominously penned: “From the cosmos, a fireball will rise, A harbinger of fate, the world pleads.

Why is my iPhone saying my password appeared in a data leak?

An iPhone data leak password alert means a password in your iCloud Keychain was found in a list of credentials stolen from a third-party website or app during a breach; it doesn't mean your iPhone was hacked, but rather that the password you used on that compromised service is now vulnerable, requiring you to change it immediately on that site and others using the same password to prevent hackers from using it to access your accounts via techniques like credential stuffing.
 

What laws are going to change in 2025?

California has several laws set to take effect on January 1, 2025, including laws expanding protections against unlawful discrimination; prohibiting mandatory workplace meetings to discuss political or religious matters, including union organizing; and allowing employers to obtain temporary restraining orders (TROs) ...

What are my rights if my data has been breached?

What are my rights after a data breach? Your rights under federal law include: The right to be informed of data breaches. Any entity that experiences a data breach and compromises sensitive user information must disclose the nature of the breach and the sensitive information that may have been compromised.

What are the 7 golden rules of data protection?

The principles are: Lawfulness, Fairness, and Transparency; Purpose Limitation; Data Minimisation; Accuracy; Storage Limitations; Integrity and Confidentiality; and Accountability.

How can I protect my personal data?

Follow this advice to protect the personal information on your devices and in your online accounts.

  1. Keep Your Software Up to Date.
  2. Secure Your Home Wi-Fi Network.
  3. Protect Your Online Accounts with Strong Passwords and Two-Factor Authentication.
  4. Protect Yourself from Attempts To Steal Your Information.

What is not covered by data protection law?

Domestic purposes – personal data processed in the course of a purely personal or household activity, with no connection to a professional or commercial activity, is outside the UK GDPR's scope.