Data Protection Act 2018

Alert Sample

View the Parallel Parliament page for the Data Protection Act 2018

Information since 20 Sep 2025, 6:39 p.m.

Data Protection Act 2018 mentioned

Parliamentary Debates
Crime and Policing Bill 187 speeches (42,503 words) Committee stage Thursday 5th February 2026 - Lords Chamber Home Office Mentions: 1: Lord Katz (Lab - Life peer) recognised globally for having one of the most robust data protection regimes, anchored in the Data Protection Act - Link to Speech
Cyber Security and Resilience (Network and Information Systems) Bill (Second sitting) 125 speeches (27,382 words) Committee stage: 2nd sitting Tuesday 3rd February 2026 - Public Bill Committees Department for Science, Innovation & Technology Mentions: 1: Chris Vince (LAB - Harlow) now, in the UK, they do not need to rely only on access to critical infrastructure; under the Data Protection Act - Link to Speech 2: Tim Roca (Lab - Macclesfield) worry that there might be more legitimate access to data than there is right now under the Data Protection Act - Link to Speech
Children’s Wellbeing and Schools Bill 80 speeches (21,393 words) Tuesday 3rd February 2026 - Lords Chamber Department for Work and Pensions Mentions: 1: None because of the new general data protection override in section 183A and effect of 183B of the Data Protection Act - Link to Speech
Crime and Policing Bill 85 speeches (20,334 words) Committee stage: Part 2 Monday 2nd February 2026 - Lords Chamber Northern Ireland Office Mentions: 1: None is no longer needed because of the general data protection override in section 183A of the Data Protection Act - Link to Speech
Children’s Wellbeing and Schools Bill 201 speeches (47,785 words) Wednesday 28th January 2026 - Lords Chamber Department for Work and Pensions Mentions: 1: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 2: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 3: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech
Crime and Policing Bill 64 speeches (18,125 words) Committee stage part one Tuesday 27th January 2026 - Lords Chamber Home Office Mentions: 1: None A modest, targeted change to the Data Protection Act or UK GDPR would make that possible. - Link to Speech
Crime and Policing Bill 109 speeches (27,388 words) Committee stage Thursday 22nd January 2026 - Lords Chamber Home Office Mentions: 1: None is no longer needed because of the general data protection override in section 183A of the Data Protection Act - Link to Speech
Crime and Policing Bill 100 speeches (27,508 words) Committee stage: Part 1 Tuesday 20th January 2026 - Lords Chamber Home Office Mentions: 1: Lord Katz (Lab - Life peer) will be no penalty for not having one.Law enforcement use of data is governed by Part 3 of the Data Protection Act - Link to Speech
Children’s Wellbeing and Schools Bill 30 speeches (5,918 words) Monday 19th January 2026 - Lords Chamber Department for Work and Pensions Mentions: 1: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 2: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 3: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 4: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 5: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 6: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech
Crime and Policing Bill 161 speeches (47,775 words) Committee stage Thursday 15th January 2026 - Lords Chamber Home Office Mentions: 1: Lord Hanson of Flint (Lab - Life peer) recognition technology is already subject to safeguards, including the Human Rights Act and Data Protection Act - Link to Speech 2: Lord Hanson of Flint (Lab - Life peer) device, nothing in this legislation changes the existing duties on the police imposed by the Data Protection Act - Link to Speech 3: None is no longer needed because of the general data protection override in section 183A of the Data Protection Act - Link to Speech
Children’s Wellbeing and Schools Bill 100 speeches (23,099 words) Wednesday 14th January 2026 - Lords Chamber Department for Work and Pensions Mentions: 1: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 2: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 3: Baroness Blake of Leeds (Lab - Life peer) developments.Section 106 of the 2025 Act introduced a general data protection override into the Data Protection Act - Link to Speech 4: None appropriate.(10) In this section, “processing” has the same meaning as in Parts 5 to 7 of the Data Protection Act - Link to Speech
Crime and Policing Bill 96 speeches (28,955 words) Committee stage part one Wednesday 7th January 2026 - Lords Chamber Home Office Mentions: 1: Lord Clement-Jones (LD - Life peer) The Fraud Act 2006, the Computer Misuse Act 1990, the Data Protection Act 2018 and subsequent data protection - Link to Speech 2: Lord Blencathra (Con - Life peer) It also risks overlap with the Fraud Act, the Computer Misuse Act and the Data Protection Act, and lacks - Link to Speech 3: Lord Hanson of Flint (Lab - Life peer) of the Fraud Act, Sections 1 and 2 of the Computer Misuse Act 1990, and Section 170 of the Data Protection Act - Link to Speech

Select Committee Documents
Tuesday 3rd February 2026 Written Evidence - UK Finance FIS0094 - Financial Inclusion Strategy Treasury Committee Found: additional compliance requirements associated with special category data under the General Data Protection Act
Monday 2nd February 2026 Scrutiny evidence - Promoter's Materials in support of evidence commencing on 4 February 2026 Malvern Hills Bill [HL] Committee Found: not allowed to inspect, such as personal and personnel information, in accordance with the Data Protection Act
Monday 2nd February 2026 Scrutiny evidence - Part 1 of Promoter's Materials in support of evidence commencing on 4 February 2026 Malvern Hills Bill [HL] Committee Found: not allowed to inspect, such as personal and personnel information, in accordance with the Data Protection Act
Friday 23rd January 2026 Written Evidence - Department of Science Innovation and Technology RAI0077 - Human Rights and the Regulation of AI Human Rights and the Regulation of AI - Human Rights (Joint Committee) Found: of rights. 9 For example, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act
Thursday 22nd January 2026 Report - 5th Report - First 1000 days: a renewed focus Health and Social Care Committee Found: regulatory requirements, including the UK General Data Protection Regulation 2018 and the Data Protection Act
Wednesday 21st January 2026 Written Evidence - Nigerian Lawyers in the UK RTS3907 - Routes to Settlement Routes to Settlement - Home Affairs Committee Found: All procedures complied with the UK GDPR and the Data Protection Act 2018.
Thursday 15th January 2026 Written Evidence - BGTS LTD GDA0008 - Government use of data analytics on error and fraud Public Accounts Committee Found: While GDPR and UK Data Protection Act include provisions for crime prevention, practical implementation
Thursday 8th January 2026 Written Evidence - Ministry of Defence ADBRS0030 - Afghan Data Breach and Resettlement Schemes Afghan Data Breach and Resettlement Schemes - Defence Committee Found: Data Protection Advisor(s) to ensure that the processing of personal data complies with Data Protection Act

Written Answers
Multi-academy Trusts: Corporate Governance Asked by: Sarah Edwards (Labour - Tamworth) Friday 6th February 2026 Question to the Department for Education: To ask the Secretary of State for Education, whether Multi-Academy Trust boards are permitted to redact minutes of board meetings that relate to the use of public funds; what guidance her Department issues on transparency and redaction of trust governance documents; and what assessment she has made of the adequacy of current practices. Answered by Georgia Gould - Minister of State (Education) The Academy Trust Governance Guide outlines that the trust board is responsible for being open and transparent about its decisions and actions. This guide is accessible at: https://www.gov.uk/government/publications/academy-trust-governance-guide. The Academy Trust Handbook and trust’s articles of association state that trusts must make available on request for inspection the agenda for board, local committees/governing bodies and committee meetings, approved minutes of each meeting, and any report, document or other paper considered at each meeting. Trusts may exclude from its records material which, by reason of its nature, the trustees are satisfied should remain confidential, such as names of employees or pupils. The trust must comply with the Data Protection Act 2018 and UK General Data Protection Regulations. To monitor financial oversight, trusts must submit an annual report and accounts in accordance with the Charity Commission’s Statement of Recommended Practice and the departments Accounts Direction to the department. The requirements set out in the Academy Trust Handbook are reviewed annually.
Press: Misconduct Asked by: Kevin Hollinrake (Conservative - Thirsk and Malton) Wednesday 4th February 2026 Question to the Department for Digital, Culture, Media & Sport: To ask the Secretary of State for Culture, Media and Sport, pursuant to the Answer of 25 April 2025 to Question 45800 on Press: Misconduct, what steps her Department is taking to help ensure that arbitration schemes operated by press regulators are available to provide timely and effective redress before the Government directs members of the public to them in guidance. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) The UK has a self-regulatory system for the press, which is independent from Government. This is vital to ensure the public has access to accurate and trustworthy information from a range of different sources. The Government therefore does not intervene in or evaluate the work of independent press regulators. However, under Section 179 of the Data Protection Act every three years the Secretary of State must lay before Parliament a report on the use and effectiveness of alternative dispute resolution procedures, such as arbitration, in cases involving a failure or alleged failure by relevant media organisations to comply with data protection legislation. The most recent report was presented to Parliament in May 2024 and was carried independently of DCMS by David Rossington, as the Independent Reviewer. The report is published on the Gov.uk website: https://assets.publishing.service.gov.uk/media/67d2ded5fb8db2176d5e97d0/Formatted_240312_SECOND_REPORT_UNDER_SECTION_179_OF_THE_DATA_PROTECTION_ACT_v3__FINAL__accessible.pdf.
Email: Data Protection Asked by: Andrew Snowden (Conservative - Fylde) Thursday 29th January 2026 Question to the Department for Science, Innovation & Technology: To ask the Secretary of State for Science, Innovation and Technology, what safeguards are in place to ensure that automated analysis by private tech companies of the content of private email complies with the UK General Data Protection Regulation and the Data Protection Act 2018. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) The UK’s data protection legislation applies to any processing of personal data regardless of the technology being used. Technology companies that screen or analyse personal emails must identify an appropriate legal ground for doing so, such as obtaining user consent. Personal data must also be processed fairly and transparently so that people can make informed decisions about whether to use a service. The data protection legislation is monitored and enforced independently of government by the Information Commissioner’s Office (ICO). The ICO has published guidance for organisations on automated decision making, profiling and artificial intelligence at: Automated decision-making and profiling \| ICO and Artificial intelligence \| ICO. It will also consider complaints about organisations that fail to comply with the legislation.
Department for Culture, Media and Sport: Equality Asked by: Rupert Lowe (Independent - Great Yarmouth) Tuesday 27th January 2026 Question to the Department for Digital, Culture, Media & Sport: To ask the Secretary of State for Culture, Media and Sport, how many civil servants employed by their Department work in roles primarily focused on (a) transgender policy, (b) diversity, (c) equity and (d) inclusion; and at what annual salary cost. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) We cannot provide the number and salary of staff who are employed in roles primarily focussed on a combination of diversity, equity and inclusion. Doing so would breach the Data Protection Act and risk identifying individual members of staff because the data is concerning five or less employees, and the information relates to someone other than the data subjects.
Technology: Data Protection Asked by: Andrew Snowden (Conservative - Fylde) Tuesday 27th January 2026 Question to the Department for Science, Innovation & Technology: To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the effectiveness of current obligations of tech companies to communicate to customers about how their data will be used. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) impose obligations on tech companies to process customers’ personal data lawfully, fairly, transparently and securely, unless certain limited exemptions apply. Organisations must only process personal data where there are legitimate grounds to do so, and be clear with people about how and why their data is being used, such as through privacy notices. The data protection legislation is monitored and enforced independently of Government by the Information Commissioner’s Office (ICO). The ICO has published guidance on transparency requirements here: https://ico.org.uk/for-organisations/advice-and-services/audits/data-protection-audit-framework/toolkits/accountability/transparency/.
Data Protection: Public Bodies Asked by: Lord Clement-Jones (Liberal Democrat - Life peer) Thursday 22nd January 2026 Question to the Department for Science, Innovation & Technology: To ask His Majesty's Government, further to the Written Answer by Baroness Lloyd of Effra on 5 January [HL12970], whether the responsibilities in the Digital Economy Act 2017 Codes of Practice have been met; and whether that single entity named is required to have a current registration with the ICO for Data Protection Act purposes. Answered by Baroness Lloyd of Effra - Baroness in Waiting (HM Household) (Whip) The Digital Economy Act 2017 requires all persons who are involved in disclosing or using information under the public service delivery, debt and fraud powers to have due regard to the Code of Practice for public authorities disclosing information under Chapters 1, 3 and 4 (Public Service Delivery, Debt and Fraud) of Part 5 of the Digital Economy Act 2017 in so far as they are relevant, when they disclose or use information under these powers. It is also a legal requirement for many organisations including government bodies and agencies that process personal data, to register with the Information Commissioner’s Office in accordance with the Data Protection (Charges and Information) Regulations 2018 unless they are exempt.
NHS Trusts: Subject Access Requests Asked by: Ben Maguire (Liberal Democrat - North Cornwall) Tuesday 13th January 2026 Question to the Department for Science, Innovation & Technology: To ask the Secretary of State for Science, Innovation and Technology, if she will made an assessment of the potential impact of SARs not being disclosed by NHS hospital trusts within the statutory one month timeframe. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) provide individuals with the right to access their personal data, subject to relevant exemptions. A subject access request must be responded to within one month of receiving the request. The response time may be extended by a further two months if the request is complex, or if the individual has submitted a number of requests, provided the organisation informs the requestor within the one-month period and provides reasons for the delay. NHS England has produced guidance for patients and service users on making a Subject Access Request (SAR), and for professionals to ensure they can respond to requests in a timely manner. It can be found here: https://transform.england.nhs.uk/information-governance/guidance/subject-access-requests/ The Information Commissioner’s Office (ICO) is responsible for monitoring and enforcing the data protection legislation independently of government, and is accountable to Parliament.
Subject Access Requests Asked by: Ben Maguire (Liberal Democrat - North Cornwall) Tuesday 13th January 2026 Question to the Department for Science, Innovation & Technology: To ask the Secretary of State for Science, Innovation and Technology, what steps her Department is taking to ensure the ICO's statutory duty to enforce SAR disclosures are met within a one month timeframe. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) provide individuals with the right to access their personal data, subject to relevant exemptions. A subject access request must be responded to within one month of receiving the request. The response time may be extended by a further two months if the request is complex, or if the individual has submitted a number of requests, provided the organisation informs the requestor within the one-month period and provides reasons for the delay. The Information Commissioner’s Office (ICO) is responsible for monitoring and enforcing the data protection legislation independently of government, and is accountable to Parliament.
Biometrics: Civil Liberties Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Tuesday 6th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, what recent assessment she has made of the potential impact of live facial recognition surveillance on the rights to privacy, freedom of assembly, and freedom of expression. Answered by Sarah Jones - Minister of State (Home Office) Passport photographs are not being enrolled into biometric databases accessible for live facial recognition searches. However, His Majesty’s Passport Office (HMPO) may conduct retrospective facial recognition searches against the passport database, on behalf of police forces, in relation to serious cases e.g. sexual offences, violent offences, serious and organised crime, or those that are of a national security interest. Guidance on this practice, and an Equality Impact Assessment has been published on the GOV.UK site. When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies. On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. We are consulting on a new legal framework to create consistent, durable rules and appropriate safeguards for biometrics and facial recognition. This framework will aim to strike the right balance between public protection and privacy.
Passports: Photographs Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Tuesday 6th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, whether passport photographs are being enrolled into biometric databases accessible for live facial recognition searches; and what assessment she has made of the privacy implications of this policy. Answered by Sarah Jones - Minister of State (Home Office) Passport photographs are not being enrolled into biometric databases accessible for live facial recognition searches. However, His Majesty’s Passport Office (HMPO) may conduct retrospective facial recognition searches against the passport database, on behalf of police forces, in relation to serious cases e.g. sexual offences, violent offences, serious and organised crime, or those that are of a national security interest. Guidance on this practice, and an Equality Impact Assessment has been published on the GOV.UK site. When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies. On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. We are consulting on a new legal framework to create consistent, durable rules and appropriate safeguards for biometrics and facial recognition. This framework will aim to strike the right balance between public protection and privacy.
Cabinet Office: Revenue and Customs Asked by: Mike Wood (Conservative - Kingswinford and South Staffordshire) Monday 5th January 2026 Question to the Cabinet Office: To ask the Minister for the Cabinet Office, whether the 2017 Memorandum of Understanding between HMRC and the Cabinet Office has been updated since the introduction of the Data Protection Act 2018; and on what basis data transfers for honours probity checks continues. Answered by Nick Thomas-Symonds - Paymaster General and Minister for the Cabinet Office As noted in our answer to PQ 92590, the Memorandum of Understanding between the Cabinet Office and HMRC was last updated in 2023. The Memorandum of Understanding, which is published in full on gov.uk, sets out the legal and lawful basis by which data is transferred. The 2023 Memorandum of Understanding is available at the following link: https://www.gov.uk/government/publications/sharing-hmrc-information-to-assist-honours-committees-recommendations/memorandum-of-understanding-accessing-hmrc-information-to-assist-honours-committees-in-making-recommendations-about-awarding-honours-to-individ
Police: Biometrics Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Monday 5th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, on what statutory basis live facial recognition technology is deployed by police forces in England and Wales; and whether her Department plans to introduce primary legislation before any expansion of its use. Answered by Sarah Jones - Minister of State (Home Office) There is an established basis for the police to use live facial recognition technology. When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies. On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. Although there is a legal basis for police use of facial recognition, the current legal framework is complicated, inflexible and difficult to understand, which in turn limits the extent to which facial recognition and similar technologies can be confidently used. That is why the government is consulting on a new legal framework to inform potential legislation.
Biometrics: Parliamentary Scrutiny Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Monday 5th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, what plans she has to allow for Parliamentary scrutiny of proposals to expand the use of live facial recognition technology. Answered by Sarah Jones - Minister of State (Home Office) There is an established basis for the police to use live facial recognition technology. When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies. On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. Although there is a legal basis for police use of facial recognition, the current legal framework is complicated, inflexible and difficult to understand, which in turn limits the extent to which facial recognition and similar technologies can be confidently used. That is why the government is consulting on a new legal framework to inform potential legislation.
Biometrics Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Monday 5th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, whether she plans to prevent the expansion of live facial recognition technology beyond counter-terrorism and serious crime into routine policing, retail monitoring, or crowd surveillance. Answered by Sarah Jones - Minister of State (Home Office) Live facial recognition technology, which involves processing live video footage of people passing a camera, is used in England and Wales to help locate people who are wanted by the police, in public spaces. The College of Policing has produced national guidance in the form of an Authorised Professional Practice (APP), setting out when the police can use live facial recognition and the categories of people they can look for. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others. In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose. On 4 December the Government launched a consultation on establishing a new legal framework which focuses on the use of facial recognition and similar technologies by law enforcement organisations, for a law enforcement purpose. The consultation seeks views on whether seriousness of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology. The consultation also asks for views on what factors are relevant to consider when assessing ‘seriousness’ of harm and for which purposes should law enforcement organisations be allowed to use these technologies. The consultation also explains that the new legal framework will apply to law enforcement organisations. This would include all police forces in England and Wales, and national and specialist law enforcement agencies like the British Transport Police and National Crime Agency and for law enforcement activity by other public bodies such as the Environment Agency, HMRC or Border Force. We are aware that facial recognition and similar technologies are used more broadly across the public and private sectors. For example, we know that nightclubs use it to help identify barred patrons. Where that is the case they must comply with all relevant existing legislation including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and guidance, with the Information Commissioner’s Office (ICO) as the principal regulator. Through the consultation we will therefore also consider whether public and private sector organisations ought to have due regard to the new legal framework and especially to any best practice established as a result.
Biometrics Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Monday 5th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, whether she plans to expand the use of live facial recognition technology for non-criminal matters. Answered by Sarah Jones - Minister of State (Home Office) Live facial recognition technology, which involves processing live video footage of people passing a camera, is used in England and Wales to help locate people who are wanted by the police, in public spaces. The College of Policing has produced national guidance in the form of an Authorised Professional Practice (APP), setting out when the police can use live facial recognition and the categories of people they can look for. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others. In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose. On 4 December the Government launched a consultation on establishing a new legal framework which focuses on the use of facial recognition and similar technologies by law enforcement organisations, for a law enforcement purpose. The consultation seeks views on whether seriousness of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology. The consultation also asks for views on what factors are relevant to consider when assessing ‘seriousness’ of harm and for which purposes should law enforcement organisations be allowed to use these technologies. The consultation also explains that the new legal framework will apply to law enforcement organisations. This would include all police forces in England and Wales, and national and specialist law enforcement agencies like the British Transport Police and National Crime Agency and for law enforcement activity by other public bodies such as the Environment Agency, HMRC or Border Force. We are aware that facial recognition and similar technologies are used more broadly across the public and private sectors. For example, we know that nightclubs use it to help identify barred patrons. Where that is the case they must comply with all relevant existing legislation including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and guidance, with the Information Commissioner’s Office (ICO) as the principal regulator. Through the consultation we will therefore also consider whether public and private sector organisations ought to have due regard to the new legal framework and especially to any best practice established as a result.
Housing: Harassment Asked by: Suella Braverman (Reform UK - Fareham and Waterlooville) Friday 2nd January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, whether her Department will review the classification of neighbour harassment involving intrusive CCTV surveillance. Answered by Sarah Jones - Minister of State (Home Office) The police have a range of powers to deal with any behaviour that causes harassment, alarm or distress to others. The Government fully supports the police in their use of these powers to maintain public order and keep communities safe. Individuals that use CCTV to film outside their property boundary have to comply fully with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The Information Commissioner’s Office (ICO) has published guidance which details the obligations the CCTV user will need to comply with: https://ico.org.uk/for-the-public/home-cctv-systems/. Where there is sufficient evidence of harassment or stalking from a domestic camera system, this may lead to prosecution for a criminal offence of harassment or stalking under the Protection from Harassment Act 1997. In addition to the Protection from Harassment Act 1997, another potential remedy in civil law is the tort of private nuisance, which is a common law tort that relates to a person’s private rights in relation to land.
Google: Contracts Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer) Monday 29th December 2025 Question to the Department for Science, Innovation & Technology: To ask His Majesty's Government what steps they are taking to ensure robust governance, safety evaluation and transparency in their announced partnership with Google DeepMind, including the planned automated science laboratory and access to its AI models for public services. Answered by Baroness Lloyd of Effra - Baroness in Waiting (HM Household) (Whip) The non‑binding Memorandum of Understanding between DSIT and Google DeepMind establishes a partnership for collaboration to support delivery on this government’s AI Opportunities Action Plan. This includes concrete initiatives such as priority access for UK scientists to AI tools; deepening collaboration with the AI Security Institute on AI safety and security research; and support for the development of AI-ready datasets in strategically important domains such as fusion energy. The automated lab announced alongside the MoU is an independent Google DeepMind initiative, fully funded by Google DeepMind. The UK Government is not involved in operating or funding the lab. The partnership with Google DeepMind will support DSIT’s efforts to explore how AI can improve productivity and service delivery across government. However, any use of AI in public services will be subject to the highest standards of safety and security, including the Data Protection Act 2018 and UK GDPR, the Government’s Data Ethics Framework, and relevant departmental assurance and security processes.
Biometrics: Children Asked by: Baroness Jones of Moulsecoomb (Green Party - Life peer) Tuesday 23rd December 2025 Question to the Home Office: To ask His Majesty's Government what plans they have to restrict the circumstances in which children may be added to facial recognition watchlists. Answered by Lord Hanson of Flint - Minister of State (Home Office) Facial recognition is a crucial tool that helps the police locate missing people, suspects, and those wanted by the courts. In some cases, under the existing legal framework this includes vulnerable individuals such as missing children. When using facial recognition technology, police forces must comply with legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. This sets out the categories of people who may be included on a watchlist. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others. In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose. On 4^th December the Government launched a consultation on a new legal framework for law enforcement use of biometrics, facial recognition and similar technologies. During the consultation we want to hear views on when and how biometrics, facial recognition and similar technologies should be used, and what safeguards and oversight are needed.
Biometrics: Children Asked by: Lord Alton of Liverpool (Crossbench - Life peer) Tuesday 23rd December 2025 Question to the Home Office: To ask His Majesty's Government whether they plan to introduce limits on the circumstances in which police forces can add children to facial recognition watchlists. Answered by Lord Hanson of Flint - Minister of State (Home Office) Facial recognition is a crucial tool that helps the police locate missing people, suspects, and those wanted by the courts. In some cases, under the existing legal framework this includes vulnerable individuals such as missing children. When using facial recognition technology, police forces must comply with legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. This sets out the categories of people who may be included on a watchlist. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others.In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose. On 4^th December the Government launched a consultation on a new legal framework for law enforcement use of biometrics, facial recognition and similar technologies. During the consultation we want to hear views on when and how biometrics, facial recognition and similar technologies should be used, and what safeguards and oversight are needed.
Police: Biometrics Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer) Tuesday 23rd December 2025 Question to the Home Office: To ask His Majesty's Government what steps they are taking to ensure that any use of live facial recognition cameras by law enforcement bodies is subject to clear safeguards to protect privacy and human rights. Answered by Lord Hanson of Flint - Minister of State (Home Office) When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces must also give due regard to the Surveillance Camera Code of Practice, which is supplemented by published policing policies. On 4 December the Government launched a 10 week public consultation on law enforcement use of biometrics, facial recognition and similar technologies. We are consulting on a new legal framework to create consistent, durable rules and appropriate safeguards for biometrics and facial recognition. This framework will aim to strike the right balance between public protection and privacy. The consultation will close week commencing 9 Feb 2026.

Written Answers

Multi-academy Trusts: Corporate Governance
Asked by: Sarah Edwards (Labour - Tamworth)
Friday 6th February 2026

Question to the Department for Education:

To ask the Secretary of State for Education, whether Multi-Academy Trust boards are permitted to redact minutes of board meetings that relate to the use of public funds; what guidance her Department issues on transparency and redaction of trust governance documents; and what assessment she has made of the adequacy of current practices.

Answered by Georgia Gould - Minister of State (Education)

The Academy Trust Governance Guide outlines that the trust board is responsible for being open and transparent about its decisions and actions. This guide is accessible at: https://www.gov.uk/government/publications/academy-trust-governance-guide.

The Academy Trust Handbook and trust’s articles of association state that trusts must make available on request for inspection the agenda for board, local committees/governing bodies and committee meetings, approved minutes of each meeting, and any report, document or other paper considered at each meeting.

Trusts may exclude from its records material which, by reason of its nature, the trustees are satisfied should remain confidential, such as names of employees or pupils. The trust must comply with the Data Protection Act 2018 and UK General Data Protection Regulations.

To monitor financial oversight, trusts must submit an annual report and accounts in accordance with the Charity Commission’s Statement of Recommended Practice and the departments Accounts Direction to the department.

The requirements set out in the Academy Trust Handbook are reviewed annually.

Press: Misconduct
Asked by: Kevin Hollinrake (Conservative - Thirsk and Malton)
Wednesday 4th February 2026

Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Culture, Media and Sport, pursuant to the Answer of 25 April 2025 to Question 45800 on Press: Misconduct, what steps her Department is taking to help ensure that arbitration schemes operated by press regulators are available to provide timely and effective redress before the Government directs members of the public to them in guidance.

Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)

The UK has a self-regulatory system for the press, which is independent from Government. This is vital to ensure the public has access to accurate and trustworthy information from a range of different sources. The Government therefore does not intervene in or evaluate the work of independent press regulators.

However, under Section 179 of the Data Protection Act every three years the Secretary of State must lay before Parliament a report on the use and effectiveness of alternative dispute resolution procedures, such as arbitration, in cases involving a failure or alleged failure by relevant media organisations to comply with data protection legislation. The most recent report was presented to Parliament in May 2024 and was carried independently of DCMS by David Rossington, as the Independent Reviewer. The report is published on the Gov.uk website:

https://assets.publishing.service.gov.uk/media/67d2ded5fb8db2176d5e97d0/Formatted_240312_SECOND_REPORT_UNDER_SECTION_179_OF_THE_DATA_PROTECTION_ACT_v3__FINAL__accessible.pdf.

Email: Data Protection
Asked by: Andrew Snowden (Conservative - Fylde)
Thursday 29th January 2026

Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what safeguards are in place to ensure that automated analysis by private tech companies of the content of private email complies with the UK General Data Protection Regulation and the Data Protection Act 2018.

Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)

The UK’s data protection legislation applies to any processing of personal data regardless of the technology being used. Technology companies that screen or analyse personal emails must identify an appropriate legal ground for doing so, such as obtaining user consent. Personal data must also be processed fairly and transparently so that people can make informed decisions about whether to use a service.

The data protection legislation is monitored and enforced independently of government by the Information Commissioner’s Office (ICO). The ICO has published guidance for organisations on automated decision making, profiling and artificial intelligence at: Automated decision-making and profiling | ICO and Artificial intelligence | ICO. It will also consider complaints about organisations that fail to comply with the legislation.

Department for Culture, Media and Sport: Equality
Asked by: Rupert Lowe (Independent - Great Yarmouth)
Tuesday 27th January 2026

Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Culture, Media and Sport, how many civil servants employed by their Department work in roles primarily focused on (a) transgender policy, (b) diversity, (c) equity and (d) inclusion; and at what annual salary cost.

Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)

We cannot provide the number and salary of staff who are employed in roles primarily focussed on a combination of diversity, equity and inclusion. Doing so would breach the Data Protection Act and risk identifying individual members of staff because the data is concerning five or less employees, and the information relates to someone other than the data subjects.

Technology: Data Protection
Asked by: Andrew Snowden (Conservative - Fylde)
Tuesday 27th January 2026

Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the effectiveness of current obligations of tech companies to communicate to customers about how their data will be used.

Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) impose obligations on tech companies to process customers’ personal data lawfully, fairly, transparently and securely, unless certain limited exemptions apply. Organisations must only process personal data where there are legitimate grounds to do so, and be clear with people about how and why their data is being used, such as through privacy notices.

The data protection legislation is monitored and enforced independently of Government by the Information Commissioner’s Office (ICO). The ICO has published guidance on transparency requirements here: https://ico.org.uk/for-organisations/advice-and-services/audits/data-protection-audit-framework/toolkits/accountability/transparency/.

Data Protection: Public Bodies
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Thursday 22nd January 2026

Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government, further to the Written Answer by Baroness Lloyd of Effra on 5 January [HL12970], whether the responsibilities in the Digital Economy Act 2017 Codes of Practice have been met; and whether that single entity named is required to have a current registration with the ICO for Data Protection Act purposes.

Answered by Baroness Lloyd of Effra - Baroness in Waiting (HM Household) (Whip)

The Digital Economy Act 2017 requires all persons who are involved in disclosing or using information under the public service delivery, debt and fraud powers to have due regard to the Code of Practice for public authorities disclosing information under Chapters 1, 3 and 4 (Public Service Delivery, Debt and Fraud) of Part 5 of the Digital Economy Act 2017 in so far as they are relevant, when they disclose or use information under these powers.

It is also a legal requirement for many organisations including government bodies and agencies that process personal data, to register with the Information Commissioner’s Office in accordance with the Data Protection (Charges and Information) Regulations 2018 unless they are exempt.

NHS Trusts: Subject Access Requests
Asked by: Ben Maguire (Liberal Democrat - North Cornwall)
Tuesday 13th January 2026

Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, if she will made an assessment of the potential impact of SARs not being disclosed by NHS hospital trusts within the statutory one month timeframe.

Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) provide individuals with the right to access their personal data, subject to relevant exemptions. A subject access request must be responded to within one month of receiving the request. The response time may be extended by a further two months if the request is complex, or if the individual has submitted a number of requests, provided the organisation informs the requestor within the one-month period and provides reasons for the delay.

NHS England has produced guidance for patients and service users on making a Subject Access Request (SAR), and for professionals to ensure they can respond to requests in a timely manner. It can be found here: https://transform.england.nhs.uk/information-governance/guidance/subject-access-requests/

The Information Commissioner’s Office (ICO) is responsible for monitoring and enforcing the data protection legislation independently of government, and is accountable to Parliament.

Subject Access Requests
Asked by: Ben Maguire (Liberal Democrat - North Cornwall)
Tuesday 13th January 2026

Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what steps her Department is taking to ensure the ICO's statutory duty to enforce SAR disclosures are met within a one month timeframe.

Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)

The Information Commissioner’s Office (ICO) is responsible for monitoring and enforcing the data protection legislation independently of government, and is accountable to Parliament.

Biometrics: Civil Liberties
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Tuesday 6th January 2026

Question to the Home Office:

To ask the Secretary of State for the Home Department, what recent assessment she has made of the potential impact of live facial recognition surveillance on the rights to privacy, freedom of assembly, and freedom of expression.

Answered by Sarah Jones - Minister of State (Home Office)

Passport photographs are not being enrolled into biometric databases accessible for live facial recognition searches. However, His Majesty’s Passport Office (HMPO) may conduct retrospective facial recognition searches against the passport database, on behalf of police forces, in relation to serious cases e.g. sexual offences, violent offences, serious and organised crime, or those that are of a national security interest. Guidance on this practice, and an Equality Impact Assessment has been published on the GOV.UK site.

When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies.

On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. We are consulting on a new legal framework to create consistent, durable rules and appropriate safeguards for biometrics and facial recognition. This framework will aim to strike the right balance between public protection and privacy.

Passports: Photographs
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Tuesday 6th January 2026

Question to the Home Office:

To ask the Secretary of State for the Home Department, whether passport photographs are being enrolled into biometric databases accessible for live facial recognition searches; and what assessment she has made of the privacy implications of this policy.

Answered by Sarah Jones - Minister of State (Home Office)

Cabinet Office: Revenue and Customs
Asked by: Mike Wood (Conservative - Kingswinford and South Staffordshire)
Monday 5th January 2026

Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, whether the 2017 Memorandum of Understanding between HMRC and the Cabinet Office has been updated since the introduction of the Data Protection Act 2018; and on what basis data transfers for honours probity checks continues.

Answered by Nick Thomas-Symonds - Paymaster General and Minister for the Cabinet Office

As noted in our answer to PQ 92590, the Memorandum of Understanding between the Cabinet Office and HMRC was last updated in 2023. The Memorandum of Understanding, which is published in full on gov.uk, sets out the legal and lawful basis by which data is transferred.

The 2023 Memorandum of Understanding is available at the following link:

https://www.gov.uk/government/publications/sharing-hmrc-information-to-assist-honours-committees-recommendations/memorandum-of-understanding-accessing-hmrc-information-to-assist-honours-committees-in-making-recommendations-about-awarding-honours-to-individ

Police: Biometrics
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Monday 5th January 2026

Question to the Home Office:

To ask the Secretary of State for the Home Department, on what statutory basis live facial recognition technology is deployed by police forces in England and Wales; and whether her Department plans to introduce primary legislation before any expansion of its use.

Answered by Sarah Jones - Minister of State (Home Office)

There is an established basis for the police to use live facial recognition technology. When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies.

On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. Although there is a legal basis for police use of facial recognition, the current legal framework is complicated, inflexible and difficult to understand, which in turn limits the extent to which facial recognition and similar technologies can be confidently used.

That is why the government is consulting on a new legal framework to inform potential legislation.

Biometrics: Parliamentary Scrutiny
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Monday 5th January 2026

Question to the Home Office:

To ask the Secretary of State for the Home Department, what plans she has to allow for Parliamentary scrutiny of proposals to expand the use of live facial recognition technology.

Answered by Sarah Jones - Minister of State (Home Office)

That is why the government is consulting on a new legal framework to inform potential legislation.

Biometrics
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Monday 5th January 2026

Question to the Home Office:

To ask the Secretary of State for the Home Department, whether she plans to prevent the expansion of live facial recognition technology beyond counter-terrorism and serious crime into routine policing, retail monitoring, or crowd surveillance.

Answered by Sarah Jones - Minister of State (Home Office)

Live facial recognition technology, which involves processing live video footage of people passing a camera, is used in England and Wales to help locate people who are wanted by the police, in public spaces. The College of Policing has produced national guidance in the form of an Authorised Professional Practice (APP), setting out when the police can use live facial recognition and the categories of people they can look for. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others. In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose.

On 4 December the Government launched a consultation on establishing a new legal framework which focuses on the use of facial recognition and similar technologies by law enforcement organisations, for a law enforcement purpose.

The consultation seeks views on whether seriousness of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology. The consultation also asks for views on what factors are relevant to consider when assessing ‘seriousness’ of harm and for which purposes should law enforcement organisations be allowed to use these technologies.

The consultation also explains that the new legal framework will apply to law enforcement organisations. This would include all police forces in England and Wales, and national and specialist law enforcement agencies like the British Transport Police and National Crime Agency and for law enforcement activity by other public bodies such as the Environment Agency, HMRC or Border Force.

We are aware that facial recognition and similar technologies are used more broadly across the public and private sectors. For example, we know that nightclubs use it to help identify barred patrons. Where that is the case they must comply with all relevant existing legislation including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and guidance, with the Information Commissioner’s Office (ICO) as the principal regulator.

Through the consultation we will therefore also consider whether public and private sector organisations ought to have due regard to the new legal framework and especially to any best practice established as a result.

Biometrics
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Monday 5th January 2026

Question to the Home Office:

To ask the Secretary of State for the Home Department, whether she plans to expand the use of live facial recognition technology for non-criminal matters.

Answered by Sarah Jones - Minister of State (Home Office)

Housing: Harassment
Asked by: Suella Braverman (Reform UK - Fareham and Waterlooville)
Friday 2nd January 2026

Question to the Home Office:

To ask the Secretary of State for the Home Department, whether her Department will review the classification of neighbour harassment involving intrusive CCTV surveillance.

Answered by Sarah Jones - Minister of State (Home Office)

The police have a range of powers to deal with any behaviour that causes harassment, alarm or distress to others. The Government fully supports the police in their use of these powers to maintain public order and keep communities safe.

Individuals that use CCTV to film outside their property boundary have to comply fully with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The Information Commissioner’s Office (ICO) has published guidance which details the obligations the CCTV user will need to comply with: https://ico.org.uk/for-the-public/home-cctv-systems/.

Where there is sufficient evidence of harassment or stalking from a domestic camera system, this may lead to prosecution for a criminal offence of harassment or stalking under the Protection from Harassment Act 1997. In addition to the Protection from Harassment Act 1997, another potential remedy in civil law is the tort of private nuisance, which is a common law tort that relates to a person’s private rights in relation to land.

Google: Contracts
Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer)
Monday 29th December 2025

Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what steps they are taking to ensure robust governance, safety evaluation and transparency in their announced partnership with Google DeepMind, including the planned automated science laboratory and access to its AI models for public services.

Answered by Baroness Lloyd of Effra - Baroness in Waiting (HM Household) (Whip)

The non‑binding Memorandum of Understanding between DSIT and Google DeepMind establishes a partnership for collaboration to support delivery on this government’s AI Opportunities Action Plan. This includes concrete initiatives such as priority access for UK scientists to AI tools; deepening collaboration with the AI Security Institute on AI safety and security research; and support for the development of AI-ready datasets in strategically important domains such as fusion energy.

The automated lab announced alongside the MoU is an independent Google DeepMind initiative, fully funded by Google DeepMind. The UK Government is not involved in operating or funding the lab.

The partnership with Google DeepMind will support DSIT’s efforts to explore how AI can improve productivity and service delivery across government. However, any use of AI in public services will be subject to the highest standards of safety and security, including the Data Protection Act 2018 and UK GDPR, the Government’s Data Ethics Framework, and relevant departmental assurance and security processes.

Biometrics: Children
Asked by: Baroness Jones of Moulsecoomb (Green Party - Life peer)
Tuesday 23rd December 2025

Question to the Home Office:

To ask His Majesty's Government what plans they have to restrict the circumstances in which children may be added to facial recognition watchlists.

Answered by Lord Hanson of Flint - Minister of State (Home Office)

Facial recognition is a crucial tool that helps the police locate missing people, suspects, and those wanted by the courts.

In some cases, under the existing legal framework this includes vulnerable individuals such as missing children. When using facial recognition technology, police forces must comply with legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition.

This sets out the categories of people who may be included on a watchlist. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others. In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose.

On 4^th December the Government launched a consultation on a new legal framework for law enforcement use of biometrics, facial recognition and similar technologies. During the consultation we want to hear views on when and how biometrics, facial recognition and similar technologies should be used, and what safeguards and oversight are needed.

Biometrics: Children
Asked by: Lord Alton of Liverpool (Crossbench - Life peer)
Tuesday 23rd December 2025

Question to the Home Office:

To ask His Majesty's Government whether they plan to introduce limits on the circumstances in which police forces can add children to facial recognition watchlists.

Answered by Lord Hanson of Flint - Minister of State (Home Office)

Facial recognition is a crucial tool that helps the police locate missing people, suspects, and those wanted by the courts.

This sets out the categories of people who may be included on a watchlist. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others.In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose.

Police: Biometrics
Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer)
Tuesday 23rd December 2025

Question to the Home Office:

To ask His Majesty's Government what steps they are taking to ensure that any use of live facial recognition cameras by law enforcement bodies is subject to clear safeguards to protect privacy and human rights.

Answered by Lord Hanson of Flint - Minister of State (Home Office)

When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces must also give due regard to the Surveillance Camera Code of Practice, which is supplemented by published policing policies.

On 4 December the Government launched a 10 week public consultation on law enforcement use of biometrics, facial recognition and similar technologies. We are consulting on a new legal framework to create consistent, durable rules and appropriate safeguards for biometrics and facial recognition. This framework will aim to strike the right balance between public protection and privacy. The consultation will close week commencing 9 Feb 2026.

Secondary Legislation
Data (Use and Access) Act 2025 (Consequential Amendments and Transitional Provision) Regulations 2026 These Regulations make various amendments to legislation in consequence of sections 117, 118 and 119(1) of the Data (Use and Access) Act 2025 (c. 18) (“the 2025 Act”). Those sections establish the Information Commission as a body corporate, abolish the office of the Information Commissioner and transfer the functions of the Information Commissioner to the Information Commission. These Regulations also make minor amendments in consequence of sections 67 and 91 of the 2025 Act, and contain transitional provision (to maintain pension arrangements) in respect of the person who holds the office of the Information Commissioner and is first chair of the Information Commission pursuant to paragraph 2 of Schedule 14 to the 2025 Act. Parliamentary Status - Text of Legislation - Draft affirmative Laid: Monday 2nd February - In Force: Not stated Found: The Data Protection Act 201823.—(1) The Data Protection Act 2018(28) is amended as follows. (2) In each
Surrey (Structural Changes) Order 2026 This Order provides for the establishment, on 1st April 2027, of a single tier of local government in Surrey. Part 2 creates two new councils: West Surrey Council, for the same area as the existing districts of Guildford, Runnymede, Spelthorne, Surrey Heath, Waverley and Woking; and East Surrey Council, for the same area as the existing districts of Elmbridge, Epsom and Ewell, Mole Valley, Reigate and Banstead and Tandridge. Parliamentary Status - Text of Legislation - Draft affirmative Laid: Wednesday 14th January - In Force: Not stated Found: Orders) (England) Regulations 2001(27), as a relevant authority; (e)for the purposes of the Data Protection Act

Secondary Legislation

Data (Use and Access) Act 2025 (Consequential Amendments and Transitional Provision) Regulations 2026
These Regulations make various amendments to legislation in consequence of sections 117, 118 and 119(1) of the Data (Use and Access) Act 2025 (c. 18) (“the 2025 Act”). Those sections establish the Information Commission as a body corporate, abolish the office of the Information Commissioner and transfer the functions of the Information Commissioner to the Information Commission. These Regulations also make minor amendments in consequence of sections 67 and 91 of the 2025 Act, and contain transitional provision (to maintain pension arrangements) in respect of the person who holds the office of the Information Commissioner and is first chair of the Information Commission pursuant to paragraph 2 of Schedule 14 to the 2025 Act.

Parliamentary Status - Text of Legislation - Draft affirmative
Laid: Monday 2nd February - In Force: Not stated

Found: The Data Protection Act 201823.—(1) The Data Protection Act 2018(28) is amended as follows. (2) In each

Surrey (Structural Changes) Order 2026
This Order provides for the establishment, on 1st April 2027, of a single tier of local government in Surrey. Part 2 creates two new councils: West Surrey Council, for the same area as the existing districts of Guildford, Runnymede, Spelthorne, Surrey Heath, Waverley and Woking; and East Surrey Council, for the same area as the existing districts of Elmbridge, Epsom and Ewell, Mole Valley, Reigate and Banstead and Tandridge.

Parliamentary Status - Text of Legislation - Draft affirmative
Laid: Wednesday 14th January - In Force: Not stated

Found: Orders) (England) Regulations 2001(27), as a relevant authority; (e)for the purposes of the Data Protection Act

National Audit Office
Jan. 21 2026 Report - Regulating for growth (PDF) Found: Offi ce reporting In accordance with UK General Data Protection Regulation (UK GDPR) and the Data Protection Act

Department Publications - Consultations
Friday 6th February 2026 Department for Business and Trade Source Page: Make Work Pay: modernising the Agency Work Regulatory Framework Document: (PDF) Found: may be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Thursday 5th February 2026 Department for Business and Trade Source Page: Make Work Pay: strengthening the law on tipping Document: (PDF) Found: may be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Thursday 5th February 2026 Department for Business and Trade Source Page: Make Work Pay: improving access to flexible working Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Thursday 5th February 2026 Department for Business and Trade Source Page: Make Work Pay: improving access to flexible working Document: (PDF) Found: may be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Thursday 5th February 2026 Ministry of Justice Source Page: A new Victims’ Code Document: (PDF) Found: service providers must do so effectively and in accordance with their obligations under the Data Protection Act
Thursday 5th February 2026 Ministry of Justice Source Page: A new Victims’ Code Document: (PDF) Found: These are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act 2018 (DPA),
Thursday 5th February 2026 Department for Energy Security & Net Zero Source Page: Carbon capture, usage and storage (CCUS): non-pipeline transport Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Wednesday 4th February 2026 Department for Business and Trade Source Page: Make Work Pay: fire and rehire – changes to expenses, benefits, and shift patterns Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Wednesday 4th February 2026 Department for Business and Trade Source Page: Make Work Pay: recognition code of practice and e-balloting unfair practices Document: (PDF) Found: may be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Thursday 29th January 2026 Department for Energy Security & Net Zero Source Page: Offshore Energy Strategic Environmental Assessment 5 Scoping Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Wednesday 21st January 2026 Department for Energy Security & Net Zero Source Page: Home Energy Model: Energy Performance Certificates Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Wednesday 21st January 2026 Department for Energy Security & Net Zero Source Page: Heat network technical standards Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Tuesday 20th January 2026 Department for Business and Trade Source Page: Refining our competition regime Document: (PDF) Found: may be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Monday 19th January 2026 Home Office Source Page: Police Pension Scheme 2015: CPI revaluation Document: (webpage) Found: to information regimes (these are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act
Wednesday 7th January 2026 Ministry of Justice Source Page: Interest on Lawyers' Client Accounts Scheme Document: (PDF) Found: to information regimes (these are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act
Tuesday 6th January 2026 Department for Transport Source Page: Reviewing the law for powered mobility devices Document: (PDF) Found: The department will process your personal data in accordance with the Data Protection Act 2018 (DPA)

Department Publications - Statistics
Thursday 5th February 2026 Home Office Source Page: Report 11: offensive weapons homicide review, Harrow Document: (PDF) Found: June 2024 MPSNW Review Officer, Specialist Crime Review Group (SCRG) Short reports Data Protection Act
Wednesday 4th February 2026 Ministry of Justice Source Page: Independent Review of the Criminal Courts: Part 2 Document: (PDF) Found: DLRM Decommissioning and Legacy Risks Mitigation DMD Disclosure Management Document DPA 2018 Data Protection Act
Wednesday 4th February 2026 Ministry of Justice Source Page: Independent Review of the Criminal Courts: Part 2 Document: (PDF) Found: thorniest operational issue of [their] inspection’.392 Due to the CPS’s interpretation of the Data Protection Act
Thursday 29th January 2026 Ministry of Justice Source Page: Proven reoffending statistics: January to March 2024 Document: (PDF) Found: (Trustworthiness, Manage data responsibly)” To comply with this and with the Data Protection Act of 1998
Thursday 29th January 2026 Ministry of Justice Source Page: Criminal Justice Statistics Quarterly: September 2025 Document: (ODS) Found: misleading statements 09520 09520 - Obstructing the inspection of overseas information systems (Data Protection Act
Monday 26th January 2026 Department for Business and Trade Source Page: Research into governance models for Smart Data Document: (PDF) Found: The 2021 amendment to Singapore’s Personal Data Protection Act (PDPA) introduced a ‘Data Portability

Department Publications - Guidance
Thursday 5th February 2026 Foreign, Commonwealth & Development Office Source Page: AI for climate-smart agriculture and food security in Kenya Document: Volume 2: Terms of reference (webpage) Found: understanding.Data protection:All personal data must be collected and processed in line with Kenya’s Data Protection Act
Thursday 5th February 2026 Foreign, Commonwealth & Development Office Source Page: AI for climate-smart agriculture and food security in Kenya Document: Volume 5.2: Contract section 2, standard terms and conditions (webpage) Found: “DPA 2018” means the Data Protection Act 2018“Default” means any breach of the obligations of the Supplier
Tuesday 3rd February 2026 Ministry of Defence Source Page: Countering Illegal Use of UAS Around Prisons and Sensitive Sites Document: (PDF) Found: In this clause, "data protection legislation" has the same meaning as in the Data Protection Act 2018
Monday 2nd February 2026 Ministry of Housing, Communities and Local Government Source Page: Evaluation of the Renters’ Rights Act: Privacy notice Document: Evaluation of the Renters’ Rights Act: Privacy notice (webpage) Found: transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act
Thursday 29th January 2026 Department for Environment, Food and Rural Affairs Source Page: Roadstone coating: process guidance note 3/15 Document: (PDF) Found: Freedom of Information Act 2000 and the Environmental Information Regulations 2004 (if the Data Protection Act
Thursday 8th January 2026 Ministry of Justice Source Page: External escorts policy framework Document: (PDF) Found: individual recorded as a consequence of this framework will be processed in accordance with the Data Protection Act
Wednesday 31st December 2025 Ministry of Housing, Communities and Local Government Source Page: Short Form Terms Document: (PDF) Found: software or system that the Supplier is required to develop under this Contract; "DPA 2018" the Data Protection Act
Wednesday 31st December 2025 Ministry of Housing, Communities and Local Government Source Page: Low Value Terms Document: (PDF) Found: h) ‘Data Protection Legislation’ means • the UK GDPR • the Data Protection Act 2018 • all applicable
Tuesday 30th December 2025 Department for Education Source Page: Children in need census 2026 to 2027: guide Document: (PDF) Found: protection and data sharing 8 Legal duties under the UK General Data Protection Regulation and Data Protection Act
Monday 29th December 2025 Foreign, Commonwealth & Development Office Source Page: Measuring and incentivising academic research for social impact in Southern Africa Document: Volume 5.2: Contract section 2, standard terms and conditions (webpage) Found: “DPA 2018” means the Data Protection Act 2018“Default” means any breach of the obligations of the Supplier
Tuesday 23rd December 2025 Home Office Source Page: Law Enforcement Data Service (LEDS) data protection policy Document: (PDF) Found: statutory obligations relating to the management of personal data in LEDS arising from the Data Protection Act
Tuesday 23rd December 2025 Home Office Source Page: Law Enforcement Data Service (LEDS) data protection policy Document: Law Enforcement Data Service (LEDS) data protection policy (webpage) Found: statutory obligations relating to the management of personal data in LEDS arising from the Data Protection Act
Monday 22nd December 2025 Foreign, Commonwealth & Development Office Source Page: Fiscal incentives for private sector research and development investment in Kenya Document: Volume 5.2: Contract section 2, standard terms and conditions (webpage) Found: “DPA 2018” means the Data Protection Act 2018“Default” means any breach of the obligations of the Supplier
Monday 22nd December 2025 Foreign, Commonwealth & Development Office Source Page: Generating evidence from UK-supported energy pilots in Uganda to inform policy coherence, scale and investment for the energy transition Document: Volume 5.2: Contract section 2, standard terms and conditions (webpage) Found: “DPA 2018” means the Data Protection Act 2018“Default” means any breach of the obligations of the Supplier

Department Publications - Policy and Engagement
Monday 26th January 2026 Department of Health and Social Care Source Page: Changes to DHSC group accounting manual 2026 to 2027 Document: (PDF) Found: special severance payments conflicting with a legal obligation arising as a result of the Data Protection Act
Monday 29th December 2025 Department of Health and Social Care Source Page: Expanding access to naloxone: supply and emergency use Document: (PDF) Found: (2) For the purposes of section 8(c) of the Data Protection Act 2018 (lawfulness of processing: public

Department Publications - Services
Monday 19th January 2026 Home Office Source Page: Application for permission to rent in England Document: (PDF) Found: This also sets out your rights under the Data Protection Act 2018 and explains how you can access your

Department Publications - Transparency
Tuesday 13th January 2026 Home Office Source Page: Framework document between Migration Advisory Committee and the Home Office Document: (PDF) Found: for information is received by either party under the Freedom of Information Act 2000, the Data Protection Act

Non-Departmental Publications - Transparency
Feb. 05 2026 Ofgem Source Page: Ofgem framework document Document: (PDF) Transparency Found: information is received by either party under the Freedom of Information Act 2000, or the Data Protection Act
Jan. 30 2026 Mining Remediation Authority Source Page: Mining Remediation Authority framework document Document: (PDF) Transparency Found: Under the UK GDPR and Data Protection Act 2018 if there is a subject access request the party receiving
Jan. 29 2026 Submarine Delivery Agency Source Page: Submarine Delivery Agency (SDA): Annual Report and Accounts 2024 to 2025 Document: (PDF) Transparency Found: The SDA measures its maturity against the UK Data Protection Act 2018 annually, an activity governed
Jan. 12 2026 Pubs Code Adjudicator Source Page: PCA Annual Report and Accounts 2024-25 Document: (PDF) Transparency Found: consistent with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act
Jan. 06 2026 Royal Armouries Museum Source Page: Royal Armouries Annual Report and Accounts 2024 to 2025 Document: (PDF) Transparency Found: , including but not limited to Charities Act 2011, Equality Act 2010, Bribery Act 2010 and Data Protection Act
Dec. 22 2025 Local Government and Social Care Ombudsman Source Page: Local Government and Social Care Ombudsman annual report and accounts 2024 to 2025 Document: (PDF) Transparency Found: accountable to the public, it is important we respond to formal requests for information (Data Protection Act

Non-Departmental Publications - Guidance and Regulation
Feb. 03 2026 Innovate UK Source Page: Countering Illegal Use of UAS Around Prisons and Sensitive Sites Document: (PDF) Guidance and Regulation Found: In this clause, "data protection legislation" has the same meaning as in the Data Protection Act 2018
Feb. 02 2026 HM Revenue & Customs Source Page: Register for Landfill Tax or change your registration details Document: Group Member Details (LT51) (PDF) Guidance and Regulation Found: complain-about-hmrc How we use your information For more information, go to www.gov.uk/government/collections/data-protection-act
Feb. 02 2026 HM Revenue & Customs Source Page: Register for Landfill Tax or change your registration details Document: Application for Group Treatment (LT50) (PDF) Guidance and Regulation Found: complain-about-hmrc How we use your information For more information, go to www.gov.uk/government/collections/data-protection-act
Jan. 27 2026 Defence and Security Accelerator Source Page: Conflict Wounds - From Biology to Battlefield Solutions Document: (PDF) Guidance and Regulation Found: In this clause, "data protection legislation" has the same meaning as in the Data Protection Act 2018
Jan. 27 2026 Defence and Security Accelerator Source Page: Competition: Defence Innovation Loans FY25/26 Cycle 7 Document: (PDF) Guidance and Regulation Found: We particularly draw to your attention the Bribery Act 2010, the Data Protection Act 2018, the Fraud
Jan. 22 2026 NHS England Source Page: Breast screening: acquisition and testing of ultrasound scanners Document: (PDF) Guidance and Regulation Found: and that guidelines for security of patient data are followed (NHS Digital Cyber security & Data Protection Act
Jan. 12 2026 Competition and Markets Authority Source Page: The Rolling Stock Leasing Market Investigation Order 2009 and undertakings Document: (PDF) Guidance and Regulation Found: confidentiality under an agreement; and (f) ‘personal data’ has the same meaning given to it in the Data Protection Act
Jan. 09 2026 Ofsted Source Page: Initial teacher education inspection data summary report (IDSR) guide Document: Initial teacher education inspection data summary report (IDSR) guide (webpage) Guidance and Regulation Found: the data in the IDSR, you must recognise the privacy of that data and always comply with the Data Protection Act
Jan. 08 2026 Planning Inspectorate Source Page: Section 62A Planning Application: S62A/2025/0133 Stoke Lodge Playing Fields, West Dene, Shirehampton, Bristol BS9 2BH - additional documents Document: Adrian Dobrovicz (PDF) Guidance and Regulation Found: residents (2011 Bristol Core Strategy), let alone any references to the core principles of the Data Protection Act
Jan. 08 2026 HM Prison and Probation Service Source Page: External escorts policy framework Document: (PDF) Guidance and Regulation Found: individual recorded as a consequence of this framework will be processed in accordance with the Data Protection Act
Jan. 05 2026 Civil Service Source Page: Civil Service management code Document: (webpage) Guidance and Regulation Found: 7The Advisory Committee handles personal information provided to it in accordance with the Data Protection Act

Non-Departmental Publications - Statistics
Jan. 29 2026 HM Revenue & Customs Source Page: Research on the use of the Goods Vehicle Movement Service 2024 Document: (webpage) Statistics Found: adheres to the Market Research Society Code of Conduct and the General Data Protection Regulation/Data Protection Act
Dec. 22 2025 Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018.
Dec. 22 2025 Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018.
Dec. 22 2025 Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018.
Dec. 22 2025 Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: GDPR, and any applicable national implementing Laws as amended from time to time; (ii) the Data Protection Act
Dec. 22 2025 Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018.
Dec. 22 2025 Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018.
Dec. 22 2025 Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018.

Non-Departmental Publications - Open consultation
Jan. 29 2026 Offshore Petroleum Regulator for Environment and Decommissioning Source Page: Offshore Energy Strategic Environmental Assessment 5 Scoping Document: (PDF) Open consultation Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act
Jan. 22 2026 Competition and Markets Authority Source Page: Refreshing our guidance on unfair contract terms Document: (PDF) Open consultation Found: The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 protect individuals
Jan. 22 2026 Competition and Markets Authority Source Page: Refreshing our guidance on unfair contract terms Document: (PDF) Open consultation Found: This legislation is the General Data Protection Regulation 2016 and the Data Protection Act 2018.
Dec. 29 2025 Department of Health (Northern Ireland) Source Page: Expanding access to naloxone: supply and emergency use Document: (PDF) Open consultation Found: (2) For the purposes of section 8(c) of the Data Protection Act 2018 (lawfulness of processing: public

Arms Length Bodies Publications
Jan. 28 2026 NICE Source Page: Natalizumab (originator and biosimilar) for treating highly active relapsing–remitting multiple sclerosis after disease-modifying therapy Publication Type: Supporting evidence Document: Final draft guidance committee papers (PDF 1.78 MB) (webpage) Published Found: The register is fully compliant with GDPR/Data Protection Act 2018 Data specification A data dictionary
Jan. 02 2026 NICE Source Page: Natalizumab (originator and biosimilar) for treating highly active relapsing–remitting multiple sclerosis after disease-modifying therapy Publication Type: Final draft guidance Document: Committee papers - ACM2 (PDF 1.77 MB) (webpage) Published Found: The register is fully compliant with GDPR/Data Protection Act 2018 Data specification A data dictionary
Jan. 02 2026 NICE Source Page: Natalizumab (originator and biosimilar) for treating highly active relapsing–remitting multiple sclerosis after disease-modifying therapy Publication Type: Final draft guidance Document: Public committee slides - ACM2 (PDF 1.11 MB) (webpage) Published Found: The register is fully compliant with GDPR/Data Protection Act 2018 Data specification A data dictionary

Draft Secondary Legislation
The Data (Use and Access) Act 2025 (Consequential Amendments and Transitional Provision) Regulations 2026 These Regulations make various amendments to legislation in consequence of sections 117, 118 and 119(1) of the Data (Use and Access) Act 2025 (c. 18) (“the 2025 Act”). Those sections establish the Information Commission as a body corporate, abolish the office of the Information Commissioner and transfer the functions of the Information Commissioner to the Information Commission. These Regulations also make minor amendments in consequence of sections 67 and 91 of the 2025 Act, and contain transitional provision (to maintain pension arrangements) in respect of the person who holds the office of the Information Commissioner and is first chair of the Information Commission pursuant to paragraph 2 of Schedule 14 to the 2025 Act. Department for Science, Innovation & Technology Found: The Data Protection Act 201823.—(1) The Data Protection Act 2018(28) is amended as follows. (2) In each
The Surrey (Structural Changes) Order 2026 This Order provides for the establishment, on 1st April 2027, of a single tier of local government in Surrey. Part 2 creates two new councils: West Surrey Council, for the same area as the existing districts of Guildford, Runnymede, Spelthorne, Surrey Heath, Waverley and Woking; and East Surrey Council, for the same area as the existing districts of Elmbridge, Epsom and Ewell, Mole Valley, Reigate and Banstead and Tandridge. Ministry of Housing, Communities and Local Government Found: Orders) (England) Regulations 2001(27), as a relevant authority; (e)for the purposes of the Data Protection Act

Draft Secondary Legislation

The Data (Use and Access) Act 2025 (Consequential Amendments and Transitional Provision) Regulations 2026
These Regulations make various amendments to legislation in consequence of sections 117, 118 and 119(1) of the Data (Use and Access) Act 2025 (c. 18) (“the 2025 Act”). Those sections establish the Information Commission as a body corporate, abolish the office of the Information Commissioner and transfer the functions of the Information Commissioner to the Information Commission. These Regulations also make minor amendments in consequence of sections 67 and 91 of the 2025 Act, and contain transitional provision (to maintain pension arrangements) in respect of the person who holds the office of the Information Commissioner and is first chair of the Information Commission pursuant to paragraph 2 of Schedule 14 to the 2025 Act.

Department for Science, Innovation & Technology

Found: The Data Protection Act 201823.—(1) The Data Protection Act 2018(28) is amended as follows. (2) In each

The Surrey (Structural Changes) Order 2026
This Order provides for the establishment, on 1st April 2027, of a single tier of local government in Surrey. Part 2 creates two new councils: West Surrey Council, for the same area as the existing districts of Guildford, Runnymede, Spelthorne, Surrey Heath, Waverley and Woking; and East Surrey Council, for the same area as the existing districts of Elmbridge, Epsom and Ewell, Mole Valley, Reigate and Banstead and Tandridge.

Ministry of Housing, Communities and Local Government

Found: Orders) (England) Regulations 2001(27), as a relevant authority; (e)for the purposes of the Data Protection Act

Deposited Papers
Wednesday 4th February 2026 Source Page: Independent Review of the Criminal Courts. Part II: overview, volume 1 and 2 [Review by Sir Brian Leveson]. 3 docs. Document: Independent_Review_of_the_Criminal_Courts_Part_2_Volume_2.pdf (PDF) Found: DLRM Decommissioning and Legacy Risks Mitigation DMD Disclosure Management Document DPA 2018 Data Protection Act
Wednesday 4th February 2026 Source Page: Independent Review of the Criminal Courts. Part II: overview, volume 1 and 2 [Review by Sir Brian Leveson]. 3 docs. Document: Independent_Review_of_the_Criminal_Courts_Part_2_Volume_1.pdf (PDF) Found: thorniest operational issue of [their] inspection’.392 Due to the CPS’s interpretation of the Data Protection Act
Friday 23rd January 2026 Source Page: I. Framework Document NDPB Charity 2025-2028. The National Gallery. Incl. Annex A. 33p. II. Annex B: Cultural Freedom Bodies’ Freedoms Charter. 8p. III. Annex C: Commercial Activities and Reporting Requirements. 6p. Document: Annex_A_National_Gallery_Framework_Document_signed.docx__1_.pdf (PDF) Found: is received by either party under the Freedom of Information Act 2000, or the Data Protection Act
Friday 23rd January 2026 Source Page: I. Framework Document NDPB Charity 2025-2028: The Wallace Collection. Incl. Annex A. 30p. II. Annex B: Cultural Freedom Bodies’ Freedoms Charter. 8p. III. Annex C: Commercial Activities and Reporting Requirements. 5p. Document: The_Wallace_Collection_DCMS_framework_document.pdf (PDF) Found: is received by either party under the Freedom of Information Act 2000, or the Data Protection Act
Thursday 8th January 2026 Department for Transport Source Page: I. Road safety strategy. Incl. Annexes. 60p. II. Consultation on: Proposed changes to penalties for motoring offences. 41p. III. Consultation on: Introducing a minimum learning period for learner drivers (category B driving licence). 24p. IV. Consultation on: Introducing mandatory eyesight testing for older drivers. 21p. V. Consultation on: Improving moped and motorcycle training, testing and licensing Category A (AM, A1, A2 and full A). 31p. VII. Consultation on: Mandating vehicle safety technologies in GB type approval. 35p. VIII. Letter dated 07/01/2026 from Heidi Alexander MP to the Deposited Papers Clerk regarding the above documents for deposit in the House Libraries. 1p. Document: moped_and_motorcycle_training_testing_and_licensing.pdf (PDF) Found: process your personal data in accordance DVSA Policy team consultations@dvsa.gov.ukwith the Data Protection Act
Thursday 8th January 2026 Department for Transport Source Page: I. Road safety strategy. Incl. Annexes. 60p. II. Consultation on: Proposed changes to penalties for motoring offences. 41p. III. Consultation on: Introducing a minimum learning period for learner drivers (category B driving licence). 24p. IV. Consultation on: Introducing mandatory eyesight testing for older drivers. 21p. V. Consultation on: Improving moped and motorcycle training, testing and licensing Category A (AM, A1, A2 and full A). 31p. VII. Consultation on: Mandating vehicle safety technologies in GB type approval. 35p. VIII. Letter dated 07/01/2026 from Heidi Alexander MP to the Deposited Papers Clerk regarding the above documents for deposit in the House Libraries. 1p. Document: Proposed_changes_to_penalities_for_motoring_offences.pdf (PDF) Found: The department will process your personal data in accordance with the Data Protection Act 2018 (DPA)
Monday 5th January 2026 Source Page: UK Sport Framework Document. 40p. Document: UK_Sport_Framework_Document_2025_.pdf (PDF) Found: information is received by either party under the Freedom of Information Act 2000, or the Data Protection Act
Tuesday 23rd December 2025 Home Office Source Page: I. Manchester Arena Inquiry - Monitored recommendation 7 and 8. Government consultation. 38p. II. Consultation options assessment. 64p. Document: Manchester_Arena_Inquiry.pdf (PDF) Found: to information regimes (these are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act

Data Protection Act 2018 mentioned in Scottish results

Scottish Government Publications
Friday 6th February 2026 Tackling Child Poverty and Social Justice Directorate Source Page: Scottish Charitable Incorporated Organisations: Dissolution Regulations Amendments - Consultation Analysis Document: Scottish Charitable Incorporated Organisations: Dissolution Regulations Amendments: Consultation Analysis (PDF) Found: generally be mindful of statutory obligations under the UK General Data Protection Regulation and Data Protection Act
Wednesday 4th February 2026 Learning Directorate Source Page: Number of concerns and requests to withdraw the guidance Supporting Transgender Pupils in Schools: FOI release Document: Number of concerns and requests to withdraw the guidance Supporting Transgender Pupils in Schools: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 4th February 2026 Source Page: Briefings and analysis about gender responsive budgeting: FOI release Document: Briefings and analysis about gender responsive budgeting: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 4th February 2026 Justice Directorate Source Page: Documentation held relating to the Gender Recognition Reform Bill: FOI release Document: FOI 202500491144 - Information released - Annex A & Annex B (PDF) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 4th February 2026 Source Page: Correspondence between AGS Airports and Scottish Government: FOI release Document: Correspondence between AGS Airports and Scottish Government: FOI release (webpage) Found: individuals, and disclosing this would contravene the data protection principles on Schedule 1 of the Data Protection Act
Wednesday 4th February 2026 Equality, Inclusion and Human Rights Directorate Source Page: Details of the funding grant deal with Elect Her: FOI release Document: FOI 202500491605 - Information released - Annex (PDF) Found: individuals with regard to the processing of Personal Data to which a Party is subject including the Data Protection Act
Wednesday 4th February 2026 International Trade and Investment Directorate Source Page: Documentation regarding a trade deal between the United Kingdom and United States of America: FOI release Document: Documentation regarding a trade deal between the United Kingdom and United States of America: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 4th February 2026 Primary Care Directorate Source Page: Walk in GP policy announcement information: FOI release Document: Walk in GP policy announcement information: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 4th February 2026 Marine Directorate Source Page: Correspondence relating to the escape of Salmon from Gorsten Fish Farm: EIR release Document: Correspondence relating to the escape of Salmon from Gorsten Fish Farm: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 4th February 2026 Source Page: City of Edinburgh Council correspondence regarding the proposed new West Edinburgh secondary school: EIR release Document: City of Edinburgh Council correspondence regarding the proposed new West Edinburgh secondary school: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 4th February 2026 Education Reform Directorate Source Page: Cabinet Secretary for Education correspondence on the “Palestine and Israel – Understanding the Conflict” teaching resource: FOI release Document: Cabinet Secretary for Education correspondence on the “Palestine and Israel – Understanding the Conflict” teaching resource: FOI release (webpage) Found: principes in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 4th February 2026 Offshore Wind Directorate Source Page: Documentation regarding ScotWind meeting: EIR release Document: Documentation regarding ScotWind meeting: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 3rd February 2026 Strategy Directorate Source Page: Scottish Government People's Panel 2026 to 2027: privacy notice Document: Scottish Government People's Panel 2026 to 2027: privacy notice (webpage) Found: Please note that these rights are not absolute, and may be subject to exemptions under the Data Protection Act
Tuesday 3rd February 2026 Equality, Inclusion and Human Rights Directorate Source Page: UK Government correspondence on the topic of the case of For Women Scotland versus the Scottish Government: FOI release Document: UK Government correspondence on the topic of the case of For Women Scotland versus the Scottish Government: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 3rd February 2026 People Directorate Source Page: Chief Medical Officer and Chief Statistician appointment and resignation letters: FOI release Document: Chief Medical Officer and Chief Statistician appointment and resignation letters: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 3rd February 2026 Communications and Ministerial Support Directorate Source Page: PCS and FDA union correspondence regarding civil service working: FOI release Document: PCS and FDA union correspondence regarding civil service working: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 3rd February 2026 Environment and Forestry Directorate Source Page: Landfill ban information: EIR release Document: EIR 202500491029 - Information released - Annex A - C (PDF) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Tuesday 3rd February 2026 Source Page: Production company funding and BBC Scotland documentation: FOI release Document: Production company funding and BBC Scotland documentation: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 3rd February 2026 Environment and Forestry Directorate Source Page: Managing deer in the context of the Natural Environment (Scotland) Bill since July 2025: EIR release Document: EIR 202500491038 - Information Released - Annex A and Annex B (PDF) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Monday 2nd February 2026 Social Security Directorate Source Page: Correspondence relating to the return of the Winter Fuel Payment: FOI release Document: Correspondence relating to the return of the Winter Fuel Payment: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 2nd February 2026 Constitution Directorate Source Page: Correspondence relating to the second independence referendum: FOI release Document: Correspondence relating to the second independence referendum: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 2nd February 2026 Population Health Directorate Source Page: Documentation regarding Right To Addiction Recovery (Scotland) Bill: FOI release Document: Documentation regarding Right To Addiction Recovery (Scotland) Bill: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 2nd February 2026 Communications and Ministerial Support Directorate Source Page: Correspondence to Cabinet Secretary for Health and Social Care from members of the public about the NHS: FOI release Document: Correspondence to Cabinet Secretary for Health and Social Care from members of the public about the NHS: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 2nd February 2026 Environment and Forestry Directorate Source Page: Correspondence from selected MSP's relating to the Deposit Return Scheme: EIR release Document: FOI 202500490831 - Information released - Annex A & Annex B (PDF) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Monday 2nd February 2026 Communications and Ministerial Support Directorate Source Page: Documentation which mentions former First Minister Chief of Staff and former Special Adviser: FOI release Document: Documentation which mentions former First Minister Chief of Staff and former Special Adviser: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 2nd February 2026 Environment and Forestry Directorate Source Page: Information and correspondence relating to the Deputy Director for the Future Environment Division, the 'Sponsorship Hub’ and Environmental Standards Scotland (ESS): EIR release Document: Information and correspondence relating to the Deputy Director for the Future Environment Division, the 'Sponsorship Hub’ and Environmental Standards Scotland (ESS): EIR release (webpage) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Thursday 29th January 2026 Propriety and Ethics Directorate Source Page: Ministerial Code Advisers and Senior Civil Servants correspondence: FOI release Document: Ministerial Code Advisers and Senior Civil Servants correspondence: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Thursday 29th January 2026 Marine Directorate Source Page: Marine fund applications 2025-2026: EIR release Document: Marine fund applications 2025-2026: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 28th January 2026 People Directorate Source Page: Recruitment process and guidelines information for civil service roles: FOI release Document: FOI 202500490273 - Information Released - Annex (PDF) Found: Panel members must ensure that they are aware of their obligations under the Data Protection Act 1998
Wednesday 28th January 2026 Communications and Ministerial Support Directorate Source Page: Corporate News article regarding New hybrid working policy: FOI release Document: Corporate News article regarding New hybrid working policy: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 28th January 2026 Communications and Ministerial Support Directorate Source Page: Palestine flag costs and communications: FOI release Document: FOI 202500490123 - Information Released - Annex (PDF) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 28th January 2026 Source Page: Renfrew High School inspection and complaints: FOI release Document: Renfrew High School inspection and complaints: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 28th January 2026 Economic Development Directorate Source Page: Public support for the production of munitions information: FOI release Document: Public support for the production of munitions information: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 27th January 2026 Marine Directorate Source Page: Correspondence received by the Cabinet Secretary for Transport, Net Zero and Just Transition regarding Highly Protected Marine Areas: EIR release Document: Correspondence received by the Cabinet Secretary for Transport, Net Zero and Just Transition regarding Highly Protected Marine Areas: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 27th January 2026 Energy and Climate Change Directorate Source Page: Cabinet Secretary for Climate Action and Energy meetings with energy companies: EIR release Document: Cabinet Secretary for Climate Action and Energy meetings with energy companies: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 27th January 2026 Source Page: Ministerial correspondence relating to A96 Dualling project and the A96 Corridor Review: FOI release Document: Ministerial correspondence relating to A96 Dualling project and the A96 Corridor Review: FOI release (webpage) Found: party and disclosing it would contravene the data protection principles in Schedule 1 to the Data Protection Act
Tuesday 27th January 2026 Energy and Climate Change Directorate Source Page: Correspondence regarding SSEN’s Kintore to Tealing Overhead Line: EIR release Document: Correspondence regarding SSEN’s Kintore to Tealing Overhead Line: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Equality, Inclusion and Human Rights Directorate Source Page: Ending conversion practices in Scotland consultation analysis: FOI release Document: Ending conversion practices in Scotland consultation analysis: FOI release (webpage) Found: contravene data protection principles set out in the UK General Data Protection Regulation and the Data Protection Act
Monday 26th January 2026 Social Care and National Care Service Development Source Page: Correspondence regarding the reduction of NHS waiting times: FOI Review Document: Correspondence regarding the reduction of NHS waiting times: FOI Review (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Agriculture and Rural Economy Directorate Source Page: Details of meetings with Shetland Island Council on self-determination: FOI release Document: Details of meetings with Shetland Island Council on self-determination: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Source Page: Environmental Impact Assessment (EIA) status of Snar Farm, Lanarkshire: EIR release Document: Environmental Impact Assessment (EIA) status of Snar Farm, Lanarkshire: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Environment and Forestry Directorate Source Page: Documentation held by the Scottish Government regarding wildfires in Scotland: EIR release Document: FOI 202500489429 - Information released - Annex (PDF) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Monday 26th January 2026 Social Security Directorate Source Page: Ministerial reports written on ending the two child cap: FOI release Document: FOI 202500489428 - Information released - Annex B (PDF) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Source Page: Transport Scotland proposed CalMac Ferries Limited Subsidy to the Subsidy Advice Unit (SAU): FOI release Document: FOI 202500488698 - Information Released - Annex (PDF) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Marine Directorate Source Page: Materials on meeting between Dee District Salmon Fishery Board and Marine Scotland at Faskally, Pitlochry: EIR release Document: Materials on meeting between Dee District Salmon Fishery Board and Marine Scotland at Faskally, Pitlochry: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Social Security Directorate Source Page: Documentation which mentions Professor of Human Geography at the University of Sheffield: FOI release Document: Documentation which mentions Professor of Human Geography at the University of Sheffield: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Source Page: Transport Scotland expenditure and records concerning Rest and Be Thankful route: EIR release Document: Transport Scotland expenditure and records concerning Rest and Be Thankful route: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Health Workforce Directorate Source Page: Communication with Healthcare Improvement Scotland regarding the WRN Scotland report titled "How Safe Are Our Scottish Hospitals?": FOI release Document: Communication with Healthcare Improvement Scotland regarding the WRN Scotland report titled "How Safe Are Our Scottish Hospitals?": FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 26th January 2026 Environment and Forestry Directorate Source Page: Cairngorms National Park Fire Management Byelaws 2025: EIR release Document: FOI 202500489046 - Information released - Annex A & Annex B (PDF) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Monday 26th January 2026 Source Page: Correspondence from the Scottish Government to the UK Government relating to inheritance tax changes: FOI release Document: Correspondence from the Scottish Government to the UK Government relating to inheritance tax changes: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Thursday 22nd January 2026 Source Page: Ethnicity queries of Social Security Scotland employees: FOI release Document: Ethnicity queries of Social Security Scotland employees: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Source Page: Historic Environment Scotland correspondence regarding Edinburgh Castle dinner: FOI release Document: Historic Environment Scotland correspondence regarding Edinburgh Castle dinner: FOI release (webpage) Found: are the data subject, and so it is subject to the General Data Protection Regulation and the Data Protection Act
Wednesday 21st January 2026 Energy and Climate Change Directorate Source Page: Cabinet Secretary for Climate Action and Energy meeting held regarding opposition to wind farms: EIR release Document: Cabinet Secretary for Climate Action and Energy meeting held regarding opposition to wind farms: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Social Care and National Care Service Development Source Page: Data Protection Impact Assessment for The Care Home Services (Visits to and by Care Home Residents) (Scotland) Regulations 2026 Document: Data Protection Impact Assessment for The Care Home Services (Visits to and by Care Home Residents) (Scotland) Regulations 2026 (PDF) Found: organisation a public authority or body as set out in Part 2, Chapter 2, Section 7 of the Data Protection Act
Wednesday 21st January 2026 Economic Development Directorate Source Page: Minutes of the meeting between Minister for Public Finance and GFG Alliance: FOI release Document: Minutes of the meeting between Minister for Public Finance and GFG Alliance: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Energy and Climate Change Directorate Source Page: Offshore Energy Skills Passport correspondence: EIR release Document: Offshore Energy Skills Passport correspondence: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Environment and Forestry Directorate Source Page: Correspondence relating to the delay to the muirburn licensing scheme: EIR release Document: EIR 202500488610 - Information Released - Annex A and Annex B (PDF) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Source Page: Restructure of Primary Enhanced Provisions in Falkirk Primary Schools: FOI release Document: FOI 202500488668 - Information Released - Attachments (PDF) Found: out in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Environment and Forestry Directorate Source Page: Scottish Government spend on Seagull summit: EIR release Document: Scottish Government spend on Seagull summit: EIR release (webpage) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Population Health Directorate Source Page: Correspondence from the Population Health Directorate regarding mobile drug consumption units or facilities: FOI release Document: Correspondence from the Population Health Directorate regarding mobile drug consumption units or facilities: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Safer Communities Directorate Source Page: Football disorder in Scotland: FOI release Document: Football disorder in Scotland: FOI release (webpage) Found: protection principles in the UK General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Communications and Ministerial Support Directorate Source Page: Diary events for Minister for Parliamentary Business on 18th September 2025: FOI release Document: Diary events for Minister for Parliamentary Business on 18th September 2025: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 21st January 2026 Environment and Forestry Directorate Source Page: Scottish Government spend on Seagull summit: EIR release Document: EIR 202500485195 - Information Released - Annex A to Annex D (PDF) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Children and Families Directorate Source Page: Documentation regarding free school breakfast clubs: FOI release Document: Documentation regarding free school breakfast clubs: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Constitution Directorate Source Page: Documentation that mentions former UK Prime Minister: FOI release Document: Documentation that mentions former UK Prime Minister: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Source Page: Minister of State for International Development and Diaspora meeting documentation: FOI release Document: Minister of State for International Development and Diaspora meeting documentation: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Environment and Forestry Directorate Source Page: Queries relating to the draft speech Minister for Agriculture and Connectivity regarding Urban Gull Summit: EIR release Document: FOI 202500487372 - Information released - Annex A - Annex D (PDF) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Constitution Directorate Source Page: Documentation regarding the Right to Decide paper: FOI release Document: Documentation regarding the Right to Decide paper: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Economic Development Directorate Source Page: Documentation that mentions BAE Systems: FOI release Document: Documentation that mentions BAE Systems: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Communications and Ministerial Support Directorate Source Page: Meetings held between Scottish Government ministers and the Depute Leader of the Scottish National Party (SNP): FOI release Document: Meetings held between Scottish Government ministers and the Depute Leader of the Scottish National Party (SNP): FOI release (webpage) Found: principles inArticle 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Source Page: Copies of the contract between Dunedin and Accountant in Bankruptcy (AiB): FOI release Document: FOI 202500488328 - Information released - Annex A & Annex B (PDF) Found: individuals with regard to the processing of Personal Data to which a Party is subject including the Data Protection Act
Tuesday 20th January 2026 Source Page: Transport Scotland - Trunk road between Bankhead roundabout and Preston Roundabout statistics: EIR release Document: Transport Scotland - Trunk road between Bankhead roundabout and Preston Roundabout statistics: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Source Page: Statistics on Education Scotland employees who failed probation: FOI release Document: Statistics on Education Scotland employees who failed probation: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Marine Directorate Source Page: Data on vessels passing the Pentland Firth at specific dates: EIR release Document: Data on vessels passing the Pentland Firth at specific dates: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Safer Communities Directorate Source Page: Briefing documents concerning Russian influenced operations in Scotland: FOI release Document: FOI 202500488300 - Information released - Annex (PDF) Found: the data protection principles in Article 5(1) of the UK GDPR and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Source Page: Todrig woodland creation scheme: EIR Appeal Document: Todrig woodland creation scheme: EIR Appeal (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Communications and Ministerial Support Directorate Source Page: List of all job titles in the Honours and Protocols Team: FOI review Document: List of all job titles in the Honours and Protocols Team: FOI review (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Source Page: Correspondence on First Minister’s Tax Claim and Potential Correction: FOI release Document: FOI 202500488531 - Information released - Annex A (PDF) Found: the data subject, and so it is subject to the General Data Protection Regulation and the Data Protection Act
Tuesday 20th January 2026 Constitution Directorate Source Page: Correspondence regarding "A Fresh Start with Independence": FOI release Document: FOI 202500488712 - Information released - Annex A - Annex E (PDF) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 20th January 2026 Marine Directorate Source Page: Marine Scotland – Scallop landing data: EIR release Document: Marine Scotland – Scallop landing data: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Source Page: Documentation relating to the Scottish Government’s commitment to increase annual culture budgets: FOI release Document: Documentation relating to the Scottish Government’s commitment to increase annual culture budgets: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Equality, Inclusion and Human Rights Directorate Source Page: Scottish Ministers meeting with the Equality and Human Rights Commission (EHRC) details: FOI Review Document: Scottish Ministers meeting with the Equality and Human Rights Commission (EHRC) details: FOI Review (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Communications and Ministerial Support Directorate Source Page: British Business Awards dinner information: FOI release Document: British Business Awards dinner information: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Agriculture and Rural Economy Directorate Source Page: Scottish Government’s Farm Subsidy IT system queries: FOI release Document: Scottish Government’s Farm Subsidy IT system queries: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Environment and Forestry Directorate Source Page: Wildfire summit attendee list, briefing and minutes: EIR release Document: Wildfire summit attendee list, briefing and minutes: EIR release (webpage) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Monday 19th January 2026 Communications and Ministerial Support Directorate Source Page: Correspondence sent or received by the Housing Secretary: FOI release Document: FOI 202500472618 - Information released - ANNEX A (PDF) Found: principles in Articl e 5(1) of the General Data Protection Regulation and in Section 34(1) of the Data Protection Act
Monday 19th January 2026 Chief Operating Officer, NHS Scotland Directorate Source Page: National Treatment Centres correspondence: FOI release Document: National Treatment Centres correspondence: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Source Page: UK Government Treasury meeting information: FOI release Document: UK Government Treasury meeting information: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Offshore Wind Directorate Source Page: Communications from Scottish Enterprise & Scottish Ministers re Moray Firth Flow Park: EIR release Document: Communications from Scottish Enterprise & Scottish Ministers re Moray Firth Flow Park: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Safer Communities Directorate Source Page: Serious Organised Crime Taskforce meeting information: FOI release Document: Serious Organised Crime Taskforce meeting information: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Safer Communities Directorate Source Page: Serious Organised Crime (SOC) Taskforce meeting documents: FOI release Document: Serious Organised Crime (SOC) Taskforce meeting documents: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 19th January 2026 Safer Communities Directorate Source Page: Serious Organised Crime (SOC) Taskforce meeting documents: FOI release Document: FOI 202500493769 - Information released - Annex (PDF) Found: that more support could be required regarding data sharing, for example in relation to the Data Protection Act
Wednesday 14th January 2026 Primary Care Directorate Source Page: Documentation regarding delivery of more GP appointments: FOI release Document: Documentation regarding delivery of more GP appointments: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 14th January 2026 Agriculture and Rural Economy Directorate Source Page: Isle of Colonsay estate correspondence regarding grant applications: EIR Review Document: Isle of Colonsay estate correspondence regarding grant applications: EIR Review (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 14th January 2026 Agriculture and Rural Economy Directorate Source Page: Isle of Colonsay estate correspondence regarding grant applications: EIR Review Document: EIR 202500477588 - Information released - Annex (PDF) Found: Information (Scotland) Act 2002 (FOISA), the UK General Data Protection Regulation and the Data Protection Act
Wednesday 14th January 2026 Agriculture and Rural Economy Directorate Source Page: Communications from Pet Education Training and Behaviour Council: EIR release Document: Communications from Pet Education Training and Behaviour Council: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 14th January 2026 Source Page: Correspondence regarding Eurovision Song Contest: FOI release Document: Correspondence regarding Eurovision Song Contest: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 14th January 2026 Constitution Directorate Source Page: Your Right to Decide correspondence and meeting information: FOI release Document: Your Right to Decide correspondence and meeting information: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 14th January 2026 Lifelong Learning and Skills Directorate Source Page: First Minister's Better Society Academy speech documentation: FOI release Document: First Minister's Better Society Academy speech documentation: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 14th January 2026 Children and Families Directorate Source Page: NHS Highland correspondence regarding maternity services in Caithness: FOI release Document: NHS Highland correspondence regarding maternity services in Caithness: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Wednesday 14th January 2026 Chief Economist Directorate Source Page: Government Expenditure and Revenue Scotland news release query: FOI Review Document: Government Expenditure and Revenue Scotland news release query: FOI Review (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Source Page: Scottish Forestry information on Whitslaid woodland creation scheme: EIR release Document: FOI 202500485427 - Information Released - Annex A (PDF) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Environment and Forestry Directorate Source Page: Correspondence to Minister for Agriculture and Connectivity regarding Seagull Summit: EIR release Document: Correspondence to Minister for Agriculture and Connectivity regarding Seagull Summit: EIR release (webpage) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Chief Medical Officer Directorate Source Page: Cost to NHS Scotland of prescribing paracetamol tablets: FOI release Document: Cost to NHS Scotland of prescribing paracetamol tablets: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 People Directorate Source Page: Scottish Government employees receiving compensation for losing their position: FOI release Document: Scottish Government employees receiving compensation for losing their position: FOI release (webpage) Found: out in Article 5(1) of the UK General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Justice Directorate Source Page: Minister for Victims and Community Safety and Scotland for Decrim meeting materials: FOI release Document: Minister for Victims and Community Safety and Scotland for Decrim meeting materials: FOI release (webpage) Found: regulate the relationship between FOISA, the UK General Data Protection Regulation and the Data Protection Act
Tuesday 13th January 2026 Source Page: Correspondence relating to Cabinet Secretary for Constitution, External Affairs and Culture's meeting with Scottish Television: FOI release Document: Correspondence relating to Cabinet Secretary for Constitution, External Affairs and Culture's meeting with Scottish Television: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Economic Development Directorate Source Page: Techscaler selection process and assessment structure: FOI release Document: Techscaler selection process and assessment structure: FOI release (webpage) Found: contravene the data-protection principles in Article 5(1) of the UK GDPR and section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Justice Directorate Source Page: Dog wardens in all councils: EIR release Document: Dog wardens in all councils: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Marine Directorate Source Page: Scottish offshore marine protected areas information: EIR release Document: Scottish offshore marine protected areas information: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Offshore Wind Directorate Source Page: Correspondence between Scottish Government and Crown Estate Scotland regarding Scotwind: EIR release Document: Correspondence between Scottish Government and Crown Estate Scotland regarding Scotwind: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Source Page: Transport Scotland A77 road information – Turnberry to Girvan: FOI release Document: Transport Scotland A77 road information – Turnberry to Girvan: FOI release (webpage) Found: protection principles outlined in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act
Tuesday 13th January 2026 Local Government and Housing Directorate Source Page: Affordable homes grants, loans and bonds data: FOI release Document: FOI 202500486835 - Information released - Documents (PDF) Found: individuals with regard to the processing of Personal Data to which a Party is subject including the Data Protection Act
Tuesday 13th January 2026 Justice Directorate Source Page: Barlinnie replacement prison and recorded crime in Scotland: FOI release Document: Barlinnie replacement prison and recorded crime in Scotland: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Marine Directorate Source Page: Cleaner fish transfers data: EIR release Document: Cleaner fish transfers data: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Justice Directorate Source Page: Correspondence mentioning Minister of State for Prisons: FOI release Document: Correspondence mentioning Minister of State for Prisons: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Source Page: Protection of Vulnerable Groups (PVG) scheme data for Sea Cadets Corps: FOI release Document: Protection of Vulnerable Groups (PVG) scheme data for Sea Cadets Corps: FOI release (webpage) Found: principles in Article 5(1) of the UK General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Chief Operating Officer, NHS Scotland Directorate Source Page: Provision of non-therapeutic male circumcision reports and correspondence: FOI release Document: Provision of non-therapeutic male circumcision reports and correspondence: FOI release (webpage) Found: protection principles in Article 5(1)of the General Data Protection Regulation and in S.34(1) of the Data Protection Act
Tuesday 13th January 2026 People Directorate Source Page: Formal complaints made about the behaviour of Special Advisers: FOI release Document: Formal complaints made about the behaviour of Special Advisers: FOI release (webpage) Found: out in Article 5(1) of the UK General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Constitution Directorate Source Page: Correspondence relating to 'Your Right to Decide' publication: FOI release Document: FOI 202500486265 - Information Released - Annex A (PDF) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Tuesday 13th January 2026 Propriety and Ethics Directorate Source Page: Correspondence between the Propriety and Ethics Directorate, the Permanent Secretary and the First Minister's office regarding the summit held by Scottish Government: FOI release Document: Correspondence between the Propriety and Ethics Directorate, the Permanent Secretary and the First Minister's office regarding the summit held by Scottish Government: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 12th January 2026 People Directorate Source Page: Children’s Hearings Scotland (CHS) board member appointment information: FOI release Document: Children’s Hearings Scotland (CHS) board member appointment information: FOI release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 12th January 2026 Agriculture and Rural Economy Directorate Source Page: New Scottish Veterinary Service (SVS) information: EIR release Document: New Scottish Veterinary Service (SVS) information: EIR release (webpage) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 12th January 2026 Children and Families Directorate Source Page: Proposed downgrade of Ninewells neonatal intensive care unit correspondence: FOI release Document: FOI 202500484999 - Information released - Documents (PDF) Found: principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act
Monday 12th January 2026 Environment and Forestry Directorate Source Page: Code of practice on deer management correspondence and briefings: EIR release Document: EIR 202500484325 - Information released - Annex A and B (PDF) Found: Article 5(1) of the General Data Protection Regulations (GDPR) and in Section 34(1) of the Data Protection Act

Data Protection Act 2018 mentioned in Welsh results

Welsh Committee Publications
Tuesday 3rd February 2026 PDF - Marshalled List of Amendments - 3 February 2026 (PDF 238KB) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (4) In this section, “the data protection legislation” has the same meaning as in the Data Protection Act
Tuesday 3rd February 2026 PDF - Marshalled List of Amendments - 3 February 2026 (PDF 243KB) v2 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (4) In this section, “the data protection legislation” has the same meaning as in the Data Protection Act
Thursday 29th January 2026 PDF - Marshalled List of Amendments - 29 January 2026 Inquiry: Building Safety (Wales) Bill Found: (5) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
Tuesday 20th January 2026 PDF - Notice of Amendments – 20 January 2026 (PDF 231KB) Inquiry: Building Safety (Wales) Bill Found: (5) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
Tuesday 16th December 2025 PDF - Notice of Amendments - 16 December 2025 (PDF 111KB) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (4) In this section, “the data protection legislation” has the same meaning as in the Data Protection Act
Monday 15th December 2025 PDF - Welsh Government: Purpose and effect table - 15 December 2025 Inquiry: Building Safety (Wales) Bill Found: The amendment replaces subsection (8) to refer to new section 183A of the Data Protection Act 2018 (
Thursday 11th December 2025 PDF - Marshalled List of Amendments - 11 December 2025 Inquiry: Homelessness and Social Housing Allocation (Wales) Bill Found: purpose for which it is disclosed, and (b) handled and stored in accordance with— (i) the Data Protection Act
Thursday 11th December 2025 PDF - Notice of amendments - 11 December 2025 Inquiry: Building Safety (Wales) Bill Found: Section 61, page 49, leave out lines 24 to 27 and insert— ‘(8) But see also section 183A of the Data Protection Act
Friday 5th December 2025 PDF - Marshalled List of Amendments - 5 December 2025 Inquiry: Homelessness and Social Housing Allocation (Wales) Bill Found: purpose for which it is disclosed, and (b) handled and stored in accordance with— (i) the Data Protection Act
Thursday 4th December 2025 PDF - Marshalled List of Amendments - 4 December 2025 (PDF 420KB) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: Irranca-Davies 16 Section 24, page 12, after line 21, insert— ‘( ) But see also section 183A of the Data Protection Act
Thursday 4th December 2025 PDF - Notice of amendments - 4 December 2025 Inquiry: Homelessness and Social Housing Allocation (Wales) Bill Found: purpose for which it is disclosed, and (b) handled and stored in accordance with— (i) the Data Protection Act
Monday 1st December 2025 PDF - Welsh Government: Purpose and effect table - 1 December 2025 (PDF 404KB) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: protection of prohibitions and restrictions etc on processing: relevant enactments) of the Data Protection Act
Thursday 27th November 2025 PDF - Notice of Amendments - 27 November 2025 (PDF 276KB) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: Irranca-Davies 16 Section 24, page 12, after line 21, insert— ‘( ) But see also section 183A of the Data Protection Act
Thursday 27th November 2025 PDF - Notice of Amendments - 27 November 2025 (PDF 276KB) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: Irranca-Davies 16 Section 24, page 12, after line 21, insert— ‘( ) But see also section 183A of the Data Protection Act
Tuesday 25th November 2025 PDF - Letter from the Cabinet Secretary for Finance and Welsh Language to the Legislation, Justice and Constitution Committee, 25 November 2025 Inquiry: Report on the Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill Found: However, the provisions under section 39 need to be read alongside section 183A of the Data Protection Act
Monday 17th November 2025 PDF - Welsh Government: Purpose and Effect Table - 17 November 2025 Inquiry: Homelessness and Social Housing Allocation (Wales) Bill Found: Housing Registers as they are no longer required as a consequence of section 183A of the Data Protection Act
PDF - report Inquiry: The Welsh Government’s Legislative Consent Memorandum on the Bus Services (No.2) Bill Found: longer needed as a result of the general data protection override in section 183A of the Data Protection Act
PDF - Supplementary LCM Inquiry: The Welsh Government’s Legislative Consent Memoranda on the Mental Health Bill Found: no longer necessary because of the general data protection override in section 183A of the Data Protection Act
PDF - Bill Inquiry: Report on the Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill Found: (5) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Llywodraeth Cymru: Tabl Diben ac Effaith - 17 Tachwedd 2025 Inquiry: Homelessness and Social Housing Allocation (Wales) Bill Found: Housing Registers as they are no longer required as a consequence of section 183A of the Data Protection Act
PDF - Welsh Government: Purpose and effect table - 17 November 2025 Inquiry: Homelessness and Social Housing Allocation (Wales) Bill Found: Housing Registers as they are no longer required as a consequence of section 183A of the Data Protection Act
PDF - Notice of Amendments - 27 November 2025 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: Irranca-Davies 16 Section 24, page 12, after line 21, insert— ‘( ) But see also section 183A of the Data Protection Act
PDF - Notice of Amendments - 27 November 2025 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: Irranca-Davies 16 Section 24, page 12, after line 21, insert— ‘( ) But see also section 183A of the Data Protection Act
PDF - Welsh Government: Purpose and effect table - 1 December 2025 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: protection of prohibitions and restrictions etc on processing: relevant enactments) of the Data Protection Act
PDF - Letter Inquiry: Report on the Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill Found: However, the provisions under section 39 need to be read alongside section 183A of the Data Protection Act
PDF - Response letter from the Cabinet Secretary for Finance and Welsh Language to the Chair of the Legislation, Justice and Constitution Committee: Follow-up from the Legislation, Justice and Constitution Committee meeting held on 10 November 2025 - 25 November 2025 Inquiry: Report on the Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill Found: However, the provisions under section 39 need to be read alongside section 183A of the Data Protection Act
PDF - Marshalled List of Amendments - 4 December 2025 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: Irranca-Davies 16 Section 24, page 12, after line 21, insert— ‘( ) But see also section 183A of the Data Protection Act
PDF - Marshalled List of amendments – 5 December 2025 Inquiry: Homelessness and Social Housing Allocation (Wales) Bill Found: purpose for which it is disclosed, and (b) handled and stored in accordance with— (i) the Data Protection Act
PDF - Notice of amendments – 4 December 2025 Inquiry: Homelessness and Social Housing Allocation (Wales) Bill Found: purpose for which it is disclosed, and (b) handled and stored in accordance with— (i) the Data Protection Act
PDF - Notice of amendments - 11 December 2025 Inquiry: Building Safety (Wales) Bill Found: Section 61, page 49, leave out lines 24 to 27 and insert— ‘(8) But see also section 183A of the Data Protection Act
PDF - Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill, as amended at Stage 2 (PDF 462KB) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (2) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill, as amended at Stage 2 (UNCHECKED) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (2) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Welsh Government: Purpose and effect table - 15 December 2025 Inquiry: Building Safety (Wales) Bill Found: The amendment replaces subsection (8) to refer to new section 183A of the Data Protection Act 2018 (
PDF - Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill, as amended at Stage 2 (UNCHECKED) (PDF 462KB) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (2) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill, as amended at Stage 2 (PDF 462KB) Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (2) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill, as amended at Stage 2 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (2) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Notice of Amendments - 16 December 2025 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (4) In this section, “the data protection legislation” has the same meaning as in the Data Protection Act
PDF - report Inquiry: Report on the Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill Found: letter adds that the provisions under section 39 need to be read alongside section 183A of the Data Protection Act
PDF - Supplementary LCM Inquiry: The Welsh Government’s Legislative Consent Memoranda on the Children’s Wellbeing and Schools Bill Found: Education Act 2002 3 • The Academies Act 2010 • School Standards and Framework Act 1998 • Data Protection Act
PDF - Notice of Amendments – 20 January 2026 Inquiry: Building Safety (Wales) Bill Found: (5) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Marshalled List of Amendments – 29 January 2026 Inquiry: Building Safety (Wales) Bill Found: (5) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Marshalled List of Amendments - 3 February 2026 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (4) In this section, “the data protection legislation” has the same meaning as in the Data Protection Act
PDF - Revised Explanatory Memorandum and Regulatory Impact Assessment - 3 February 2026 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: Information Commissioner's Office (ICO) is the independent regulatory office dealing with the Data Protection Act
PDF - Building Safety (Wales) Bill as amended at stage 2 Inquiry: Building Safety (Wales) Bill Found: (5) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Building Safety (Wales) Bill Inquiry: Building Safety (Wales) Bill Found: (5) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Marshalled List of Amendments - 3 February 2026 Inquiry: Report on the Environment (Principles, Governance and Biodiversity Targets) (Wales) Bill Found: (4) In this section, “the data protection legislation” has the same meaning as in the Data Protection Act
PDF - Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill Inquiry: Report on the Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill Found: (5) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements
PDF - Stage 2 amended Bill (Unchecked) Inquiry: Report on the Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill Found: (5) But see also section 183A of the Data Protection Act 2018 (c. 12) (protection of requirements

Welsh Government Publications
Thursday 5th February 2026 Source Page: Fair work (National Survey for Wales): April 2024 to March 2025 Document: Fair work (National Survey for Wales): April 2024 to March 2025 (webpage) Found: personal data underlying these statistics is processed in accordance with the requirements of the Data Protection Act
Thursday 5th February 2026 Source Page: FOI release 26544: Buckland Hall Document: Buckland Hall (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Thursday 29th January 2026 Source Page: Young people not in education, employment or training (NEET): October 2024 to September 2025 Document: Young people not in education, employment or training (NEET): October 2024 to September 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act
Thursday 29th January 2026 Source Page: Evaluation of the elective home education statutory guidance Document: Evaluation of the elective home education statutory guidance (PDF) Found: with such services, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act
Tuesday 27th January 2026 Source Page: Attendance of pupils in maintained schools: 2 September 2025 to 16 January 2026 Document: Attendance of pupils in maintained schools: 2 September 2025 to 16 January 2026 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act
Monday 26th January 2026 Source Page: FOI release 26526: Great British Railways Document: Great British Railways (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Wednesday 21st January 2026 Source Page: Labour market statistics (Annual Population Survey): October 2024 to September 2025 Document: Labour market statistics (Annual Population Survey): October 2024 to September 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act
Tuesday 20th January 2026 Source Page: FOI release 26510: BBC Document: BBC (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Tuesday 20th January 2026 Source Page: FOI release 26383: Dingestow crossing Document: Doc 7 (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Thursday 15th January 2026 Source Page: FOI release 26503: Animal welfare Document: Doc 1 (PDF) Found: Commissioner's Data Sharing Code of Practice of May 2011 1.1.5 Data Protection Legislation : (i) the Data Protection Act
Thursday 15th January 2026 Source Page: FOI release 26503: Animal welfare Document: Animal welfare (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Tuesday 13th January 2026 Source Page: Attendance of pupils in maintained schools: 2 September 2025 to 2 January 2026 Document: Attendance of pupils in maintained schools: 2 September 2025 to 2 January 2026 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act
Wednesday 7th January 2026 Source Page: General funding round window 3 (Welsh Marine and Fisheries Scheme): guidance Document: General funding round window 3 (Welsh Marine and Fisheries Scheme): guidance (PDF) Found: Freedom of Information Act 2000, the 28 Environmental Information Regulations 2004 and the Data Protection Act
Tuesday 6th January 2026 Source Page: FOI release 26504: Respiratory Protective Equipment Document: Respiratory Protective Equipment (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’)
Tuesday 6th January 2026 Source Page: FOI release 26422: Rhydycar West Document: Rhydycar West (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Tuesday 6th January 2026 Source Page: FOI release 26399 and 26498: Water quality Document: Water quality (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Tuesday 6th January 2026 Source Page: FOI release 26401: Rhydycar West Document: Rhydycar West (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Monday 5th January 2026 Source Page: Small Grants - Environment (landscape and pollinators): general rules booklet 2026 Document: Small Grants - Environment (landscape and pollinators): general rules booklet 2026 (webpage) Found: in accordance with the obligations and duties under the Freedom of Information Act 2000, the Data Protection Act
Monday 5th January 2026 Source Page: Woodland Creation Planning Scheme (January 2026): rules booklet Document: Woodland Creation Planning Scheme (January 2026): rules booklet (webpage) Found: obligations under the Freedom of Information Act 2000, the Environmental information Act 2004 or the Data Protection Act
Monday 22nd December 2025 Source Page: Freedom of Information (FOI): request from the Welsh Government Document: Requesting information from the Welsh Government (webpage) Found: The Data Protection Act 2018, Freedom of Information Act 2000 and the Environmental Information Regulations
Wednesday 17th December 2025 Source Page: FOI release 26284: Llansteffan North Green car park Document: Llansteffan North Green car park (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Wednesday 17th December 2025 Source Page: Sustainable Farming Scheme (2026): universal layer: rules booklet Document: Sustainable Farming Scheme (2026): universal layer: rules booklet (PDF) Found: used by the Welsh Government in accordance with its obligations and duties under the: • The Data Protection Act
Tuesday 16th December 2025 Source Page: FOI release 26391: Cafcass complaints Document: Cafcass complaints (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’)
Tuesday 16th December 2025 Source Page: Significant infrastructure projects (SIP): notification of proposed application Document: Significant infrastructure projects (SIP): notification of proposed application (PDF) Found: supplied by you in this form, is in accordance with the terms of our registration under the Data Protection Act
Tuesday 16th December 2025 Source Page: Attendance of pupils in maintained schools: 2 September to 5 December 2025 Document: Attendance of pupils in maintained schools: 2 September to 5 December 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act
Tuesday 16th December 2025 Source Page: Remote working (National Survey for Wales): April 2024 to March 2025 Document: Remote working (National Survey for Wales): April 2024 to March 2025 (webpage) Found: personal data underlying these statistics is processed in accordance with the requirements of the Data Protection Act

Welsh Senedd Debates
Group 11: Office of Environmental Governance: disclosure of information and confidentiality (Amendments 16, 17, 18) Thursday 11th December 2025 Mentions: 1: Huw Irranca-Davies (Welsh Labour and Co-operative Party - Ogmore) Amendments 16, 17, 18 in my name make necessary amendments to reflect changes to the Data Protection Act - Link to Speech
2. Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill: Evidence Session 1 Wednesday 5th November 2025 Mentions: 1: None gateways that are in the Bill, and highlights that that has to be read with reference to the Data Protection Act - Link to Speech