The UK’s Data (Use and Access) Bill – proposals to facilitate the future of open banking and establish open finance in the UK

The UK’s Data (Use and Access) Bill had its first reading in the House of Lords on 23 October 2024. Like the (now defunct) Data Protection and Digital Information Bill before it, it proposes broad provisions to facilitate increased data portability in the UK. Part 1 of the new Bill sets out provisions to facilitate the creation of regulations requiring the real-time sharing of data – it is expected that these powers will be used to develop the UK’s approach to open banking and to establish an open finance regime in the UK (as well as similar regimes in other sectors and industries). 

The Bill also contains proposed reforms to UK data protection law - see a recent article published by Bird & Bird available here.

Wide powers

The Bill puts forward broad powers for the Secretary of State and the Treasury to issue regulations to facilitate the sharing of customer data (generally, data relating to a customer’s relationship with a business supplying or providing good, services, or digital content) and business data (contextual information about the goods, services and digital content that traders supply or provide that does not relate to individual customers).

The regulations could require:

• traders to provide customer data to customers or third parties authorised by the customer to receive the data; and
  
• traders to publish business data or provide business data to a customer to whom the business data relates or other third-party recipients.

There are ancillary provisions which enable the regulations to ensure that this data sharing can be effective – for example, a power to enable or require traders to collect and retain data (to help make sure that there is data on hand for disclosure) and a power to enable or require a data holder to make changes to customer data including rectification of inaccurate data (leading to an accuracy obligation in relation to non-personal data, which is not covered by the accuracy requirement under UK GDPR).

The Bill leaves it to the regulations to set out the specifics of the smart data scheme. It is anticipated that the government will adopt regulations that target specific industries and provide more details on the procedural and technical aspects underpinning the data sharing ecosystem. 

There are specific provisions that apply to the financial services sector. The Bill, amongst other things, sets out that the Treasury may issue regulations requiring or enabling the FCA to impose requirements regarding the provision and use of prescribed interfaces to facilitate the data sharing and to make rules relating to fees. 

Open banking and open finance

The government factsheet supporting the Bill indicates that the intention of these provisions is to support the growth of new “smart data schemes” to allow consumers and businesses who want to safely share information about them with regulated and authorised third parties. 

The Bill’s wide powers are not limited to particular sectors or industries. Though it is very clear that the UK government intends to use these powers to develop open banking and to establish open finance. In line with the government’s election manifesto, the UK Treasury’s National UK Payments Vision, notes that the intention is to transition the UK’s current open banking framework into a “sustainable longterm regulatory framework” and for the UK to “be a world leader in open finance”. A explanatory memorandum from the Department for Science, Innovation and Technology provides further detail on the intentions behind the Bill. It notes, in particular, that the proposed expansion to business data is necessary to enable continuation of certain aspects of the open banking scheme.

We have already seen developments in the EU following the EU’s policy to adopt legislative measures on data governance, access and reuse. In the financial services space, this has included the proposed Payment Services Regulation (known as PSD3) and the proposed Financial Data Access Regulation (known as FIDAR).