A Bill to make provision for the regulation of the processing of information relating to identified or identifiable living individuals; to make provision about services consisting of the use of information to ascertain and verify facts about individuals; to make provision about access to customer data and business data; to make provision about privacy and electronic communications; to make provision about services for the provision of electronic signatures, electronic seals and other trust services; to make provision about the disclosure of information to improve public service delivery; to make provision for the implementation of agreements on sharing information for law enforcement purposes; to make provision about the keeping and maintenance of registers of births and deaths; to make provision about information standards for health and social care; to establish the Information Commission; to make provision about oversight of biometric data; and for connected purposes.
House of Commons
23 September 2024
May contain errors — check source documents for definitive information.
The Data Protection and Digital Information Bill aims to simplify UK data protection rules, create a new Information Commission, and expand the framework for data sharing, digital identities and health data standards, while maintaining strong privacy protections. It sets up a governance structure for digital identity services and new data-sharing pilots (Smart Data and Third-Party Data) and updates across several sectors, with ongoing scrutiny in the Lords at Committee Stage. The bill has spawned a range of technical amendments that focus on governance, accountability, and how data can be shared or used in practice while remaining aligned with EU adequacy considerations.
The bill is in the Lords, Committee Stage, with numerous technical amendments already agreed or debated. Key changes have focused on governance (ICO and OfDIA), data-sharing rules, direct-marketing exemptions, and devolution-linked regulation powers, while opposition amendments were largely not adopted.
Generated 21 February 2026
8 Mar 2023
17 Apr 2023
17 Apr 2023
17 Apr 2023
17 Apr 2023
17 Apr 2023
10 May 2023, 16 May 2023, 18 May 2023, 23 May 2023
8 Nov 2023
8 Nov 2023
29 Nov 2023
29 Nov 2023
6 Dec 2023
19 Dec 2023
7 Feb 2024
20 Mar 2024, 25 Mar 2024, 27 Mar 2024, 15 Apr 2024, 17 Apr 2024, 22 Apr 2024, 24 Apr 2024
Showing agreed, defeated, and withdrawn amendments.
The 2023-24 session of Parliament has prorogued and this bill will make no further progress.
A Lords letter defending the Data Protection and Digital Information Bill’s Third-Party Data measure, which would let designated third parties (initially banks) supply limited account data to help verify eligibility for benefits and reduce fraud and error in Universal Credit and other payments. It emphasises safeguards (data minimisation, human review, a forthcoming Code of Practice and affirmative secondary regulations), a test‑and‑learn rollout from 2025, and expected savings (about £600m by 2028/29 and up to £1.9bn over 2025–2035), while stressing it is not a surveillance or unfettered data‑gathering power and will protect vulnerable claimants.
The letter provides the government’s responses to committee-stage questions on the Data Protection and Digital Information Bill, including cookies, the telecoms duty to notify the ICO of unlawful direct marketing, the move to a single electronic birth and death register with flexible registration (including telephone options), and NUAR uptake figures. On deepfakes, it explains amendments would be addressed mainly by the Criminal Justice Act and Online Safety Act, argues against broad duties on developers and platforms that could chill free expression, and reiterates existing offences and safeguards. It also covers updates to the Age-Appropriate Design Code, risk assessments for high-risk processing, and ongoing work on AI/data risks and child-safety measures.
Viscount Camrose's letter provides government replies to questions raised during Committee stages of the DPDI Bill. It notes enforcement transparency for international data transfers (including the Equifax case) and cross-border safeguards via Global CAPE; explains Ofcom's development of codes of practice, evidence use, risk mitigation, and support for academic researchers. It also covers the ICO complaints regime and how data-protection cases are distributed between tribunals and courts, plus biometrics oversight reforms (no separate Biometrics Office; ICO oversight retained) and assurances that the reforms will preserve EU adequacy.
No recorded votes for this bill yet.
