Shirt a Phobia

Sample Page

The Data (Use and Access) Act 2025 (c. 18) (DUAA) is an act of the Parliament of the United Kingdom concerned with data protection. The act makes changes primarily to the operation of the UK’s General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.[1] The act passed into law on 19 June 2025.[2]

The provisions of the act are being implemented “slowly”, in stages:[3] the initial implementation of certain aspects of the new law took effect on 19 and 20 August 2025.[2]

The act also includes a variety of other measures. This includes legislating against the creation, or the request for creation, of intimate images of another person who has not consented to this, for example by using Generative AI.[4] On 12 January 2026, technology minister Liz Kendall announced this would be enabled that week, in response to the Grok AI image generation scandal.[5]

The Information Commissioner’s Office (ICO) is responsible for publishing regulatory guidance on the act.[1]

Notes

  1. ^ Section 144.
  2. ^ Section 141.
  3. ^ Section 142.

References

  1. ^ a b Department for Science, Innovation and Technology, Data (Use and Access) Act factsheet: UK GDPR and DPA, published on 27 June 2025, accessed on 28 October 2025
  2. ^ a b Information Commissioner’s Office, Data (Use and Access) Act 2025, accessed on 28 October 2025
  3. ^ Osborne Clarke, Data law | UK Regulatory Outlook September 2025: Data (Use and Access) Act implementation: approximate timetable published, published on 25 September 2025, accessed on 28 October 2025
  4. ^ Milmo, Dan; Gentleman, Amelia (9 January 2026). “Grok AI: is it legal to produce or post undressed images of people without their consent?”. The Guardian. Retrieved 12 January 2026.
  5. ^ “Creating AI sexualised images to become criminal offence this week”. Sky News. Retrieved 13 January 2026.

Further reading