On June 19, 2025, the UK enacted the Data (Use and Access) Act 2025, aiming to modernize data protection and e-privacy laws. Key provisions include introducing a new lawful basis for processing personal data for activities like fraud prevention and public health. The Act also relaxes rules on automated decision-making and cookie consent, broadens flexibility for data subject access requests, and lays the groundwork for digital ID systems and sector-specific data portability initiatives. Organizations should review their compliance programs to align with these changes.
