Information since 30 Aug 2025, 12:22 p.m.
| Parliamentary Debates |
|---|
|
Crime and Policing Bill
161 speeches (47,775 words) Committee stage Thursday 15th January 2026 - Lords Chamber Home Office Mentions: 1: Lord Hanson of Flint (Lab - Life peer) recognition technology is already subject to safeguards, including the Human Rights Act and Data Protection Act - Link to Speech 2: Lord Hanson of Flint (Lab - Life peer) device, nothing in this legislation changes the existing duties on the police imposed by the Data Protection Act - Link to Speech 3: None is no longer needed because of the general data protection override in section 183A of the Data Protection Act - Link to Speech |
|
Children’s Wellbeing and Schools Bill
100 speeches (23,099 words) Wednesday 14th January 2026 - Lords Chamber Department for Work and Pensions Mentions: 1: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 2: None the protection provided by the new general data protection override in section 183A of the Data Protection Act - Link to Speech 3: Baroness Blake of Leeds (Lab - Life peer) developments.Section 106 of the 2025 Act introduced a general data protection override into the Data Protection Act - Link to Speech 4: None appropriate.(10) In this section, “processing” has the same meaning as in Parts 5 to 7 of the Data Protection Act - Link to Speech |
|
Crime and Policing Bill
96 speeches (28,955 words) Committee stage part one Wednesday 7th January 2026 - Lords Chamber Home Office Mentions: 1: Lord Clement-Jones (LD - Life peer) The Fraud Act 2006, the Computer Misuse Act 1990, the Data Protection Act 2018 and subsequent data protection - Link to Speech 2: Lord Blencathra (Con - Life peer) It also risks overlap with the Fraud Act, the Computer Misuse Act and the Data Protection Act, and lacks - Link to Speech 3: Lord Hanson of Flint (Lab - Life peer) of the Fraud Act, Sections 1 and 2 of the Computer Misuse Act 1990, and Section 170 of the Data Protection Act - Link to Speech |
|
Crime and Policing Bill
100 speeches (26,958 words) Committee stage part one Monday 15th December 2025 - Lords Chamber Home Office Mentions: 1: None is no longer needed because of the general data protection override in section 183A of the Data Protection Act - Link to Speech |
|
Online Safety Act 2023: Repeal
82 speeches (22,817 words) Monday 15th December 2025 - Westminster Hall Department for Digital, Culture, Media & Sport Mentions: 1: Lewis Atkinson (Lab - Sunderland Central) obligations—in the same way that any person would meet obligations such as those under the Data Protection Act - Link to Speech |
|
Cammell Laird Workers’ Imprisonment: Public Inquiry
15 speeches (4,429 words) Wednesday 10th December 2025 - Commons Chamber Ministry of Justice Mentions: 1: Jake Richards (Lab - Rother Valley) The 2010 blacklisting regulations are reinforced by powers in the Data Protection Act 2018, which protect - Link to Speech |
| Select Committee Documents |
|---|
|
Thursday 15th January 2026
Written Evidence - BGTS LTD GDA0008 - Government use of data analytics on error and fraud Public Accounts Committee Found: While GDPR and UK Data Protection Act include provisions for crime prevention, practical implementation |
|
Thursday 8th January 2026
Written Evidence - Ministry of Defence ADBRS0030 - Afghan Data Breach and Resettlement Schemes Afghan Data Breach and Resettlement Schemes - Defence Committee Found: Data Protection Advisor(s) to ensure that the processing of personal data complies with Data Protection Act |
|
Thursday 18th December 2025
Written Evidence - Northumbria University, Northumbria University, and Northumbria University RAI0020 - Human Rights and the Regulation of AI Human Rights and the Regulation of AI - Human Rights (Joint Committee) Found: Although the UK has the Human Rights Act 1998 and the Data Protection Act, the UK does not have specific |
| Written Answers |
|---|
|
NHS Trusts: Subject Access Requests
Asked by: Ben Maguire (Liberal Democrat - North Cornwall) Tuesday 13th January 2026 Question to the Department for Science, Innovation & Technology: To ask the Secretary of State for Science, Innovation and Technology, if she will made an assessment of the potential impact of SARs not being disclosed by NHS hospital trusts within the statutory one month timeframe. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) provide individuals with the right to access their personal data, subject to relevant exemptions. A subject access request must be responded to within one month of receiving the request. The response time may be extended by a further two months if the request is complex, or if the individual has submitted a number of requests, provided the organisation informs the requestor within the one-month period and provides reasons for the delay. NHS England has produced guidance for patients and service users on making a Subject Access Request (SAR), and for professionals to ensure they can respond to requests in a timely manner. It can be found here: https://transform.england.nhs.uk/information-governance/guidance/subject-access-requests/ The Information Commissioner’s Office (ICO) is responsible for monitoring and enforcing the data protection legislation independently of government, and is accountable to Parliament. |
|
Subject Access Requests
Asked by: Ben Maguire (Liberal Democrat - North Cornwall) Tuesday 13th January 2026 Question to the Department for Science, Innovation & Technology: To ask the Secretary of State for Science, Innovation and Technology, what steps her Department is taking to ensure the ICO's statutory duty to enforce SAR disclosures are met within a one month timeframe. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) provide individuals with the right to access their personal data, subject to relevant exemptions. A subject access request must be responded to within one month of receiving the request. The response time may be extended by a further two months if the request is complex, or if the individual has submitted a number of requests, provided the organisation informs the requestor within the one-month period and provides reasons for the delay. The Information Commissioner’s Office (ICO) is responsible for monitoring and enforcing the data protection legislation independently of government, and is accountable to Parliament. |
|
Biometrics: Civil Liberties
Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Tuesday 6th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, what recent assessment she has made of the potential impact of live facial recognition surveillance on the rights to privacy, freedom of assembly, and freedom of expression. Answered by Sarah Jones - Minister of State (Home Office) Passport photographs are not being enrolled into biometric databases accessible for live facial recognition searches. However, His Majesty’s Passport Office (HMPO) may conduct retrospective facial recognition searches against the passport database, on behalf of police forces, in relation to serious cases e.g. sexual offences, violent offences, serious and organised crime, or those that are of a national security interest. Guidance on this practice, and an Equality Impact Assessment has been published on the GOV.UK site. When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies. On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. We are consulting on a new legal framework to create consistent, durable rules and appropriate safeguards for biometrics and facial recognition. This framework will aim to strike the right balance between public protection and privacy.
|
|
Passports: Photographs
Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Tuesday 6th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, whether passport photographs are being enrolled into biometric databases accessible for live facial recognition searches; and what assessment she has made of the privacy implications of this policy. Answered by Sarah Jones - Minister of State (Home Office) Passport photographs are not being enrolled into biometric databases accessible for live facial recognition searches. However, His Majesty’s Passport Office (HMPO) may conduct retrospective facial recognition searches against the passport database, on behalf of police forces, in relation to serious cases e.g. sexual offences, violent offences, serious and organised crime, or those that are of a national security interest. Guidance on this practice, and an Equality Impact Assessment has been published on the GOV.UK site. When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies. On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. We are consulting on a new legal framework to create consistent, durable rules and appropriate safeguards for biometrics and facial recognition. This framework will aim to strike the right balance between public protection and privacy.
|
|
Cabinet Office: Revenue and Customs
Asked by: Mike Wood (Conservative - Kingswinford and South Staffordshire) Monday 5th January 2026 Question to the Cabinet Office: To ask the Minister for the Cabinet Office, whether the 2017 Memorandum of Understanding between HMRC and the Cabinet Office has been updated since the introduction of the Data Protection Act 2018; and on what basis data transfers for honours probity checks continues. Answered by Nick Thomas-Symonds - Paymaster General and Minister for the Cabinet Office As noted in our answer to PQ 92590, the Memorandum of Understanding between the Cabinet Office and HMRC was last updated in 2023. The Memorandum of Understanding, which is published in full on gov.uk, sets out the legal and lawful basis by which data is transferred.
The 2023 Memorandum of Understanding is available at the following link:
|
|
Police: Biometrics
Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Monday 5th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, on what statutory basis live facial recognition technology is deployed by police forces in England and Wales; and whether her Department plans to introduce primary legislation before any expansion of its use. Answered by Sarah Jones - Minister of State (Home Office) There is an established basis for the police to use live facial recognition technology. When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies. On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. Although there is a legal basis for police use of facial recognition, the current legal framework is complicated, inflexible and difficult to understand, which in turn limits the extent to which facial recognition and similar technologies can be confidently used. That is why the government is consulting on a new legal framework to inform potential legislation. |
|
Biometrics: Parliamentary Scrutiny
Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Monday 5th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, what plans she has to allow for Parliamentary scrutiny of proposals to expand the use of live facial recognition technology. Answered by Sarah Jones - Minister of State (Home Office) There is an established basis for the police to use live facial recognition technology. When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces also need to comply with the Surveillance Camera Code of Practice, which is supplemented by published policing policies. On 4 December the Government launched a consultation on law enforcement use of biometrics, facial recognition and similar technologies. Although there is a legal basis for police use of facial recognition, the current legal framework is complicated, inflexible and difficult to understand, which in turn limits the extent to which facial recognition and similar technologies can be confidently used. That is why the government is consulting on a new legal framework to inform potential legislation. |
|
Biometrics
Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Monday 5th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, whether she plans to prevent the expansion of live facial recognition technology beyond counter-terrorism and serious crime into routine policing, retail monitoring, or crowd surveillance. Answered by Sarah Jones - Minister of State (Home Office) Live facial recognition technology, which involves processing live video footage of people passing a camera, is used in England and Wales to help locate people who are wanted by the police, in public spaces. The College of Policing has produced national guidance in the form of an Authorised Professional Practice (APP), setting out when the police can use live facial recognition and the categories of people they can look for. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others. In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose. On 4 December the Government launched a consultation on establishing a new legal framework which focuses on the use of facial recognition and similar technologies by law enforcement organisations, for a law enforcement purpose. The consultation seeks views on whether seriousness of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology. The consultation also asks for views on what factors are relevant to consider when assessing ‘seriousness’ of harm and for which purposes should law enforcement organisations be allowed to use these technologies. The consultation also explains that the new legal framework will apply to law enforcement organisations. This would include all police forces in England and Wales, and national and specialist law enforcement agencies like the British Transport Police and National Crime Agency and for law enforcement activity by other public bodies such as the Environment Agency, HMRC or Border Force. We are aware that facial recognition and similar technologies are used more broadly across the public and private sectors. For example, we know that nightclubs use it to help identify barred patrons. Where that is the case they must comply with all relevant existing legislation including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and guidance, with the Information Commissioner’s Office (ICO) as the principal regulator. Through the consultation we will therefore also consider whether public and private sector organisations ought to have due regard to the new legal framework and especially to any best practice established as a result.
|
|
Biometrics
Asked by: James McMurdock (Independent - South Basildon and East Thurrock) Monday 5th January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, whether she plans to expand the use of live facial recognition technology for non-criminal matters. Answered by Sarah Jones - Minister of State (Home Office) Live facial recognition technology, which involves processing live video footage of people passing a camera, is used in England and Wales to help locate people who are wanted by the police, in public spaces. The College of Policing has produced national guidance in the form of an Authorised Professional Practice (APP), setting out when the police can use live facial recognition and the categories of people they can look for. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others. In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose. On 4 December the Government launched a consultation on establishing a new legal framework which focuses on the use of facial recognition and similar technologies by law enforcement organisations, for a law enforcement purpose. The consultation seeks views on whether seriousness of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology. The consultation also asks for views on what factors are relevant to consider when assessing ‘seriousness’ of harm and for which purposes should law enforcement organisations be allowed to use these technologies. The consultation also explains that the new legal framework will apply to law enforcement organisations. This would include all police forces in England and Wales, and national and specialist law enforcement agencies like the British Transport Police and National Crime Agency and for law enforcement activity by other public bodies such as the Environment Agency, HMRC or Border Force. We are aware that facial recognition and similar technologies are used more broadly across the public and private sectors. For example, we know that nightclubs use it to help identify barred patrons. Where that is the case they must comply with all relevant existing legislation including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and guidance, with the Information Commissioner’s Office (ICO) as the principal regulator. Through the consultation we will therefore also consider whether public and private sector organisations ought to have due regard to the new legal framework and especially to any best practice established as a result.
|
|
Housing: Harassment
Asked by: Suella Braverman (Conservative - Fareham and Waterlooville) Friday 2nd January 2026 Question to the Home Office: To ask the Secretary of State for the Home Department, whether her Department will review the classification of neighbour harassment involving intrusive CCTV surveillance. Answered by Sarah Jones - Minister of State (Home Office) The police have a range of powers to deal with any behaviour that causes harassment, alarm or distress to others. The Government fully supports the police in their use of these powers to maintain public order and keep communities safe. Individuals that use CCTV to film outside their property boundary have to comply fully with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The Information Commissioner’s Office (ICO) has published guidance which details the obligations the CCTV user will need to comply with: https://ico.org.uk/for-the-public/home-cctv-systems/. Where there is sufficient evidence of harassment or stalking from a domestic camera system, this may lead to prosecution for a criminal offence of harassment or stalking under the Protection from Harassment Act 1997. In addition to the Protection from Harassment Act 1997, another potential remedy in civil law is the tort of private nuisance, which is a common law tort that relates to a person’s private rights in relation to land. |
|
Google: Contracts
Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer) Monday 29th December 2025 Question to the Department for Science, Innovation & Technology: To ask His Majesty's Government what steps they are taking to ensure robust governance, safety evaluation and transparency in their announced partnership with Google DeepMind, including the planned automated science laboratory and access to its AI models for public services. Answered by Baroness Lloyd of Effra - Baroness in Waiting (HM Household) (Whip) The non‑binding Memorandum of Understanding between DSIT and Google DeepMind establishes a partnership for collaboration to support delivery on this government’s AI Opportunities Action Plan. This includes concrete initiatives such as priority access for UK scientists to AI tools; deepening collaboration with the AI Security Institute on AI safety and security research; and support for the development of AI-ready datasets in strategically important domains such as fusion energy. The automated lab announced alongside the MoU is an independent Google DeepMind initiative, fully funded by Google DeepMind. The UK Government is not involved in operating or funding the lab. The partnership with Google DeepMind will support DSIT’s efforts to explore how AI can improve productivity and service delivery across government. However, any use of AI in public services will be subject to the highest standards of safety and security, including the Data Protection Act 2018 and UK GDPR, the Government’s Data Ethics Framework, and relevant departmental assurance and security processes.
|
|
Biometrics: Children
Asked by: Baroness Jones of Moulsecoomb (Green Party - Life peer) Tuesday 23rd December 2025 Question to the Home Office: To ask His Majesty's Government what plans they have to restrict the circumstances in which children may be added to facial recognition watchlists. Answered by Lord Hanson of Flint - Minister of State (Home Office) Facial recognition is a crucial tool that helps the police locate missing people, suspects, and those wanted by the courts. In some cases, under the existing legal framework this includes vulnerable individuals such as missing children. When using facial recognition technology, police forces must comply with legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition.
On 4th December the Government launched a consultation on a new legal framework for law enforcement use of biometrics, facial recognition and similar technologies. During the consultation we want to hear views on when and how biometrics, facial recognition and similar technologies should be used, and what safeguards and oversight are needed. |
|
Biometrics: Children
Asked by: Lord Alton of Liverpool (Crossbench - Life peer) Tuesday 23rd December 2025 Question to the Home Office: To ask His Majesty's Government whether they plan to introduce limits on the circumstances in which police forces can add children to facial recognition watchlists. Answered by Lord Hanson of Flint - Minister of State (Home Office) Facial recognition is a crucial tool that helps the police locate missing people, suspects, and those wanted by the courts. In some cases, under the existing legal framework this includes vulnerable individuals such as missing children. When using facial recognition technology, police forces must comply with legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition.
On 4th December the Government launched a consultation on a new legal framework for law enforcement use of biometrics, facial recognition and similar technologies. During the consultation we want to hear views on when and how biometrics, facial recognition and similar technologies should be used, and what safeguards and oversight are needed. |
|
Police: Biometrics
Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer) Tuesday 23rd December 2025 Question to the Home Office: To ask His Majesty's Government what steps they are taking to ensure that any use of live facial recognition cameras by law enforcement bodies is subject to clear safeguards to protect privacy and human rights. Answered by Lord Hanson of Flint - Minister of State (Home Office) When deploying facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Forces must also give due regard to the Surveillance Camera Code of Practice, which is supplemented by published policing policies.
On 4 December the Government launched a 10 week public consultation on law enforcement use of biometrics, facial recognition and similar technologies. We are consulting on a new legal framework to create consistent, durable rules and appropriate safeguards for biometrics and facial recognition. This framework will aim to strike the right balance between public protection and privacy. The consultation will close week commencing 9 Feb 2026. |
|
Medical Records
Asked by: Helen Maguire (Liberal Democrat - Epsom and Ewell) Monday 22nd December 2025 Question to the Department of Health and Social Care: To ask the Secretary of State for Health and Social Care, what assessment his Department has made of making patient records owned by the patient. Answered by Zubir Ahmed - Parliamentary Under-Secretary (Department of Health and Social Care) Health records are not owned by patients, as the providers of care who create and maintain the records are the data controllers, although all patients have the right to access their records under the Data Protection Act 2018. Patients also have the legal right to ask for factual inaccuracies to be amended. The general practice (GP) record can be viewed online on the NHS App, or by logging onto the National Health Service website. Individuals can alternatively contact their practice to view their record. To view a hospital record, individuals can ask the trust where they are a patient. As part of the 10-Year Health Plan, we are developing a single patient record which will give patients greater control over their records, and act as a patient passport to seamless care. It will provide a single, secure, and authoritative account of their data by bringing together all of a patient’s medical information from different records in one place, for example GP and hospital data, and patients will be able to view the record securely on the NHS App and add their own data, for example from a wearable device. |
|
Department for Culture, Media and Sport: Disciplinary Proceedings
Asked by: Neil O'Brien (Conservative - Harborough, Oadby and Wigston) Thursday 18th December 2025 Question to the Department for Digital, Culture, Media & Sport: To ask the Secretary of State for Culture, Media and Sport, how many disciplinary cases were concluded against civil servants in (a) her Department and (b) its agencies by (i) outcome and (ii) whether the primary allegation related to (A) performance and (B) conduct in the last twelve months. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) In the last 12 months, there have been 6 disciplinary cases that have concluded within DCMS. All related to an allegation of misconduct.
We cannot provide the outcome of closed disciplinary cases. Doing so would breach the Data Protection Act and risk identifying individual cases where the case count is five or less, as the information relates to someone other than the data subjects.
DCMS does not hold information regarding its agencies, including its arms-length and public bodies. This is because they are independent employers from the department.
Poor performance is addressed under a separate management procedure.
|
|
Police: Biometrics
Asked by: Wendy Morton (Conservative - Aldridge-Brownhills) Wednesday 17th December 2025 Question to the Home Office: To ask the Secretary of State for the Home Department, with reference to the Written Statement entitled Consultation on a new legal framework for law enforcement use of biometrics, facial recognition and similar technologies, published on 4 December 2025, HCWS1129, what assessment her Department has made of current police practice regarding the deployment of facial recognition and related technologies; how operational consistency across police forces will be ensured under the proposed new framework; and what plans she has to strengthen oversight mechanisms, including independent scrutiny, to guarantee that law enforcement agencies use these technologies only within clearly defined legal parameters and with transparent accountability. Answered by Sarah Jones - Minister of State (Home Office) The Government recognises the importance of ensuring the use of facial recognition and similar biometric technologies by law enforcement remains proportionate to the seriousness of the harm being addressed. The consultation launched on 4 December seeks views on whether seriousness of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology. The consultation also asks for views on what factors are relevant to consider when assessing ‘seriousness’ of harm and for which purposes should law enforcement organisations be allowed to use these technologies. We do not intend to publish an impact assessment specifically on the potential implications for civil liberties as part of the consultation process. However, alongside the consultation we have published an equalities impact assessment which makes clear the Government’s commitment to building public trust by highlighting the specific legal frameworks that will be put in place and the statutory bodies for oversight, which will apply to everyone in England and Wales. We recognise that to maintain public confidence we must ensure individual rights, privacy and data security are protected. We believe that the use of biometric and inferential technology should always be demonstrably ‘necessary’ and ‘proportionate’ to the objective being sought. Furthermore, a clear and consistent justification for interference with people’s rights is required. Threshold setting and decision making needs to be attributed to, and shared appropriately between, Parliament, Ministers, independent oversight bodies, and law enforcement organisations. The consultation seeks views on what factors are relevant to consider when assessing interference with privacy so as to ensure the legal framework reflects the views of the public. When using facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Oversight of police practice regarding deployment of facial recognition and related technologies is currently provided by regulators and public bodies, including the Biometrics and Surveillance Camera Commissioner, the Information Commissioner, HMICFRS, Equality and Human Rights Commission, and the Independent Office for Police Conduct. The courts system also plays a vital role in ensuring the law is upheld. The Government recognises the importance of independent scrutiny to ensure operational consistency across forces under new framework. That is why the consultation explained the government’s proposal to create a single regulatory and oversight body to oversee law enforcement use of biometrics, facial recognition and similar technologies. The Government envisage giving this body the necessary powers to provide assurance that law enforcement use of biometric technologies is legal, responsible, and necessary. These powers could include setting standards to assure scientific validity, issuing codes of practice and investigating instances where a technology has been misused, hacked or accessed without authorisation. |
|
Police: Biometrics
Asked by: Wendy Morton (Conservative - Aldridge-Brownhills) Wednesday 17th December 2025 Question to the Home Office: To ask the Secretary of State for the Home Department, with reference to the Written Statement entitled Consultation on a new legal framework for law enforcement use of biometrics, facial recognition and similar technologies, published on 4 December 2025, HCWS1129, what assessment she has made of the safeguards required to ensure that the use of facial recognition and similar biometric technologies by law enforcement remains proportionate to the seriousness of the harm being addressed; what steps she plans to take to ensure that the legal framework maintains public confidence in the protection of individual rights, privacy and data security; and whether she intends to publish an impact assessment on the potential implications for civil liberties as part of the consultation process. Answered by Sarah Jones - Minister of State (Home Office) The Government recognises the importance of ensuring the use of facial recognition and similar biometric technologies by law enforcement remains proportionate to the seriousness of the harm being addressed. The consultation launched on 4 December seeks views on whether seriousness of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology. The consultation also asks for views on what factors are relevant to consider when assessing ‘seriousness’ of harm and for which purposes should law enforcement organisations be allowed to use these technologies. We do not intend to publish an impact assessment specifically on the potential implications for civil liberties as part of the consultation process. However, alongside the consultation we have published an equalities impact assessment which makes clear the Government’s commitment to building public trust by highlighting the specific legal frameworks that will be put in place and the statutory bodies for oversight, which will apply to everyone in England and Wales. We recognise that to maintain public confidence we must ensure individual rights, privacy and data security are protected. We believe that the use of biometric and inferential technology should always be demonstrably ‘necessary’ and ‘proportionate’ to the objective being sought. Furthermore, a clear and consistent justification for interference with people’s rights is required. Threshold setting and decision making needs to be attributed to, and shared appropriately between, Parliament, Ministers, independent oversight bodies, and law enforcement organisations. The consultation seeks views on what factors are relevant to consider when assessing interference with privacy so as to ensure the legal framework reflects the views of the public. When using facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Oversight of police practice regarding deployment of facial recognition and related technologies is currently provided by regulators and public bodies, including the Biometrics and Surveillance Camera Commissioner, the Information Commissioner, HMICFRS, Equality and Human Rights Commission, and the Independent Office for Police Conduct. The courts system also plays a vital role in ensuring the law is upheld. The Government recognises the importance of independent scrutiny to ensure operational consistency across forces under new framework. That is why the consultation explained the government’s proposal to create a single regulatory and oversight body to oversee law enforcement use of biometrics, facial recognition and similar technologies. The Government envisage giving this body the necessary powers to provide assurance that law enforcement use of biometric technologies is legal, responsible, and necessary. These powers could include setting standards to assure scientific validity, issuing codes of practice and investigating instances where a technology has been misused, hacked or accessed without authorisation. |
|
Police: Biometrics
Asked by: Wendy Morton (Conservative - Aldridge-Brownhills) Wednesday 17th December 2025 Question to the Home Office: To ask the Secretary of State for the Home Department, with reference to the Written Statement entitled Consultation on a new legal framework for law enforcement use of biometrics, facial recognition and similar technologies, published on 4 December 2025, HCWS1129, what assessment her Department has made of the effectiveness of police practice in the deployment of facial recognition and other biometric technologies; and whether she plans to enhance oversight and independent scrutiny of that deployment. Answered by Sarah Jones - Minister of State (Home Office) The Government recognises the importance of ensuring the use of facial recognition and similar biometric technologies by law enforcement remains proportionate to the seriousness of the harm being addressed. The consultation launched on 4 December seeks views on whether seriousness of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology. The consultation also asks for views on what factors are relevant to consider when assessing ‘seriousness’ of harm and for which purposes should law enforcement organisations be allowed to use these technologies. We do not intend to publish an impact assessment specifically on the potential implications for civil liberties as part of the consultation process. However, alongside the consultation we have published an equalities impact assessment which makes clear the Government’s commitment to building public trust by highlighting the specific legal frameworks that will be put in place and the statutory bodies for oversight, which will apply to everyone in England and Wales. We recognise that to maintain public confidence we must ensure individual rights, privacy and data security are protected. We believe that the use of biometric and inferential technology should always be demonstrably ‘necessary’ and ‘proportionate’ to the objective being sought. Furthermore, a clear and consistent justification for interference with people’s rights is required. Threshold setting and decision making needs to be attributed to, and shared appropriately between, Parliament, Ministers, independent oversight bodies, and law enforcement organisations. The consultation seeks views on what factors are relevant to consider when assessing interference with privacy so as to ensure the legal framework reflects the views of the public. When using facial recognition technology, police forces must comply with existing legislation including the Human Rights Act 1998, Equality Act 2010, Data Protection Act 2018, Police and Criminal Evidence Act 1984, as well as their own published policies. For live facial recognition, police forces must also follow the College of Policing’s Authorised Professional Practice (APP) on Live Facial Recognition. Oversight of police practice regarding deployment of facial recognition and related technologies is currently provided by regulators and public bodies, including the Biometrics and Surveillance Camera Commissioner, the Information Commissioner, HMICFRS, Equality and Human Rights Commission, and the Independent Office for Police Conduct. The courts system also plays a vital role in ensuring the law is upheld. The Government recognises the importance of independent scrutiny to ensure operational consistency across forces under new framework. That is why the consultation explained the government’s proposal to create a single regulatory and oversight body to oversee law enforcement use of biometrics, facial recognition and similar technologies. The Government envisage giving this body the necessary powers to provide assurance that law enforcement use of biometric technologies is legal, responsible, and necessary. These powers could include setting standards to assure scientific validity, issuing codes of practice and investigating instances where a technology has been misused, hacked or accessed without authorisation. |
|
Artificial Intelligence: Safety
Asked by: Dawn Butler (Labour - Brent East) Wednesday 17th December 2025 Question to the Department for Science, Innovation & Technology: To ask the Secretary of State for Science, Innovation and Technology, pursuant to the answer of 9 December to Question 96093, what steps the Government is taking to safeguard individuals from non-sexually explicit deepfakes, digital impersonation, and the misuse of personal identity. Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology) Solutions that help to determine what media is real and what is AI-generated are key to tackling a range of AI risks. The government is undertaking work to explore the potential methods for detecting AI-generated content. The UK’s Online Safety Act has introduced duties on in scope services to tackle digital impersonation where it amounts to an existing offence, including false statements about a candidate's character or conduct ahead of or during an election. The UK also has strong data protection laws to help tackle the misuse of personal identity, through the UK GDPR and the Data Protection Act 2018. These laws require that any personal data processing is lawful, fair and transparent. |
|
Genomics: Information Sharing
Asked by: Gavin Williamson (Conservative - Stone, Great Wyrley and Penkridge) Thursday 11th December 2025 Question to the Department for Science, Innovation & Technology: To ask the Secretary of State for Science, Innovation and Technology, what mechanisms are in place to ensure that UK institutions and companies comply with the GDPR, the Data Protection Act 2018, and other relevant national security requirements when sharing genomic data internationally. Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology) The UK has one of the most robust data protection regimes in the world, with all organisations required to comply with our legislation to safeguard UK personal data when transferring it overseas. Failure to do so can result in enforcement action. Our data regulator, the Information Commissioner’s Office, has powers to take enforcement action and issue hefty fines. Individuals who consider that their data has been misused can also take legal action. |
| Secondary Legislation |
|---|
|
Surrey (Structural Changes) Order 2026 This Order provides for the establishment, on 1st April 2027, of a single tier of local government in Surrey. Part 2 creates two new councils: West Surrey Council, for the same area as the existing districts of Guildford, Runnymede, Spelthorne, Surrey Heath, Waverley and Woking; and East Surrey Council, for the same area as the existing districts of Elmbridge, Epsom and Ewell, Mole Valley, Reigate and Banstead and Tandridge. Parliamentary Status - Text of Legislation - Draft affirmative Laid: Wednesday 14th January - In Force: Not stated Found: Orders) (England) Regulations 2001(27), as a relevant authority; (e)for the purposes of the Data Protection Act |
|
Cheshire and Warrington Combined Authority Order 2026 This Order establishes the Cheshire and Warrington Combined Authority (“the Combined Authority”) and provides for the election of the mayor and confers certain functions of local authorities and other public authorities on the Combined Authority. Parliamentary Status - Text of Legislation - Draft affirmative Laid: Thursday 18th December - In Force: Not stated Found: , the Police and Justice Act 2006 (c. 48) and amended by paragraph 45 of Schedule 19 to the Data Protection Act |
|
Cumbria Combined Authority Order 2026 This Order establishes the Cumbria Combined Authority (“the Combined Authority”), provides for the election of a mayor and confers certain of the functions of local authorities and other public authorities on the Combined Authority. Parliamentary Status - Text of Legislation - Draft affirmative Laid: Thursday 18th December - In Force: Not stated Found: , the Police and Justice Act 2006 (c. 48) and amended by paragraph 45 of Schedule 19 to the Data Protection Act |
|
Data (Use and Access) Act 2025 (Consequential and Other Amendments) Regulations 2025 These Regulations make amendments which are consequential on provisions in the Data (Use and Access) Act 2025 (c. 18) (“the 2025 Act”). They also make related changes in relation to recordable offences. Parliamentary Status - Text of Legislation - Made negative Laid: Wednesday 17th December - In Force: Not stated Found: In accordance with section 182(2) of the Data Protection Act 2018, the Secretary of State has consulted |
| Department Publications - Transparency |
|---|
|
Tuesday 13th January 2026
Home Office Source Page: Framework document between Migration Advisory Committee and the Home Office Document: (PDF) Found: for information is received by either party under the Freedom of Information Act 2000, the Data Protection Act |
|
Thursday 18th December 2025
Cabinet Office Source Page: Civil Superannuation annual account 2024 to 2025 Document: (PDF) Found: National Cyber Security Centre (NCSC) guidance, General Data Protection Regulations (GDPR), the Data Protection Act |
|
Wednesday 10th December 2025
Home Office Source Page: Forensic Information Databases annual report 2024 to 2025 Document: (PDF) Found: biometric information is sensitive personal information and is handled in accordance with the Data Protection Act |
| Department Publications - Guidance |
|---|
|
Thursday 8th January 2026
Ministry of Justice Source Page: External escorts policy framework Document: (PDF) Found: individual recorded as a consequence of this framework will be processed in accordance with the Data Protection Act |
|
Wednesday 31st December 2025
Ministry of Housing, Communities and Local Government Source Page: Short Form Terms Document: (PDF) Found: software or system that the Supplier is required to develop under this Contract; "DPA 2018" the Data Protection Act |
|
Wednesday 31st December 2025
Ministry of Housing, Communities and Local Government Source Page: Low Value Terms Document: (PDF) Found: h) ‘Data Protection Legislation’ means • the UK GDPR • the Data Protection Act 2018 • all applicable |
|
Tuesday 30th December 2025
Department for Education Source Page: Children in need census 2026 to 2027: guide Document: (PDF) Found: protection and data sharing 8 Legal duties under the UK General Data Protection Regulation and Data Protection Act |
|
Monday 29th December 2025
Foreign, Commonwealth & Development Office Source Page: Measuring and incentivising academic research for social impact in Southern Africa Document: Volume 5.2: Contract section 2, standard terms and conditions (webpage) Found: “DPA 2018” means the Data Protection Act 2018“Default” means any breach of the obligations of the Supplier |
|
Tuesday 23rd December 2025
Home Office Source Page: Law Enforcement Data Service (LEDS) data protection policy Document: (PDF) Found: statutory obligations relating to the management of personal data in LEDS arising from the Data Protection Act |
|
Tuesday 23rd December 2025
Home Office Source Page: Law Enforcement Data Service (LEDS) data protection policy Document: Law Enforcement Data Service (LEDS) data protection policy (webpage) Found: statutory obligations relating to the management of personal data in LEDS arising from the Data Protection Act |
|
Monday 22nd December 2025
Foreign, Commonwealth & Development Office Source Page: Fiscal incentives for private sector research and development investment in Kenya Document: Volume 5.2: Contract section 2, standard terms and conditions (webpage) Found: “DPA 2018” means the Data Protection Act 2018“Default” means any breach of the obligations of the Supplier |
|
Monday 22nd December 2025
Foreign, Commonwealth & Development Office Source Page: Generating evidence from UK-supported energy pilots in Uganda to inform policy coherence, scale and investment for the energy transition Document: Volume 5.2: Contract section 2, standard terms and conditions (webpage) Found: “DPA 2018” means the Data Protection Act 2018“Default” means any breach of the obligations of the Supplier |
|
Thursday 18th December 2025
Home Office Source Page: Law Enforcement Data Service (LEDS) privacy notice Document: Law Enforcement Data Service (LEDS) privacy notice (webpage) Found: statutory obligations relating to the management of personal data in LEDS arising from the Data Protection Act |
|
Thursday 18th December 2025
Home Office Source Page: Law Enforcement Data Service (LEDS) privacy notice Document: (PDF) Found: statutory obligations relating to the management of personal data in LEDS arising from the Data Protection Act |
|
Tuesday 16th December 2025
Ministry of Housing, Communities and Local Government Source Page: Development Management Fund: privacy notice Document: Development Management Fund: privacy notice (webpage) Found: following is to explain your rights and give you the information you are be entitled to under the Data Protection Act |
|
Tuesday 16th December 2025
Department for Energy Security & Net Zero Source Page: CCUS Humber capture project market survey Document: (webpage) Found: may be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act |
|
Monday 15th December 2025
Foreign, Commonwealth & Development Office Source Page: Mapping constraints, opportunities and reforms for inclusive job creation in Kenya Document: Volume 5.2: Contract section 2, standard terms and conditions (webpage) Found: “DPA 2018” means the Data Protection Act 2018“Default” means any breach of the obligations of the Supplier |
|
Monday 15th December 2025
Department for Energy Security & Net Zero Source Page: DESNZ Public Attitudes Tracker: technical report, Winter 2024 to Summer 2025 Document: (PDF) Found: will be processed in accordance with the MRS Code of Conduct, and in compliance with the Data Protection Act |
|
Friday 12th December 2025
Foreign, Commonwealth & Development Office Source Page: Evaluating UK-Southern Africa higher education research partnerships Document: Volume 5.2: Contract section 2, standard terms and conditions (webpage) Found: “DPA 2018” means the Data Protection Act 2018“Default” means any breach of the obligations of the Supplier |
|
Tuesday 9th December 2025
Ministry of Housing, Communities and Local Government Source Page: Community-led Housing Research: privacy notice Document: Community-led Housing Research: privacy notice (webpage) Found: process data only within the limits of UK data protection laws, including the UK GDPR and the Data Protection Act |
| Department Publications - Consultations |
|---|
|
Wednesday 7th January 2026
Ministry of Justice Source Page: Interest on Lawyers' Client Accounts Scheme Document: (PDF) Found: to information regimes (these are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act |
|
Tuesday 6th January 2026
Department for Transport Source Page: Reviewing the law for powered mobility devices Document: (PDF) Found: The department will process your personal data in accordance with the Data Protection Act 2018 (DPA) |
|
Thursday 18th December 2025
Home Office Source Page: Licensing of contractors who carry out security services and in-house CCTV operators Document: (webpage) Found: to information regimes (these are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act |
|
Wednesday 17th December 2025
Ministry of Housing, Communities and Local Government Source Page: Single construction regulator prospectus Document: (PDF) Found: Section 8(d) of the Data Protection Act 2018 states that this will include processing of personal data |
|
Tuesday 16th December 2025
Ministry of Housing, Communities and Local Government Source Page: National Planning Policy Framework: proposed reforms and other changes to the planning system Document: (PDF) Found: Section 8(d) of the Data Protection Act 2018 states that this will include processing of personal data |
|
Tuesday 16th December 2025
Home Office Source Page: Licensing for knife sales Document: (PDF) Found: The Home Office will process your personal data in accordance with the Data Protection Act and, in the |
|
Tuesday 16th December 2025
Department for Energy Security & Net Zero Source Page: Proposed refinements for Allocation Round 8 and future rounds Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act |
|
Tuesday 16th December 2025
Department for Energy Security & Net Zero Source Page: Changes to energy infrastructure planning application fees Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act |
|
Wednesday 10th December 2025
Department for Energy Security & Net Zero Source Page: Smart Secure Electricity Systems (SSES) Programme: draft load control licence regulations and conditions Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act |
|
Wednesday 10th December 2025
Department for Energy Security & Net Zero Source Page: Financial support for nuclear lifetime extensions Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act |
|
Tuesday 9th December 2025
Department for Energy Security & Net Zero Source Page: Extended CE marking recognition for Ecodesign regulations Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act |
|
Monday 8th December 2025
Department for Energy Security & Net Zero Source Page: Warm Home Discount (WHD): cost recovery Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act |
|
Monday 8th December 2025
Department for Work and Pensions Source Page: Public Authorities (Fraud, Error and Recovery) Act DWP Codes of Practice: Verifying Eligibility in the Welfare System, Obtaining Information and Recovering Debt Document: (PDF) Found: be processed under the general processing regime set out in the UK GDPR and Part 2 of the Data Protection Act |
| Department Publications - Policy and Engagement |
|---|
|
Monday 29th December 2025
Department of Health and Social Care Source Page: Expanding access to naloxone: supply and emergency use Document: (PDF) Found: (2) For the purposes of section 8(c) of the Data Protection Act 2018 (lawfulness of processing: public |
| Department Publications - Policy paper |
|---|
|
Friday 19th December 2025
Ministry of Justice Source Page: Responding to human rights judgments: 2024 to 2025 Document: (PDF) Found: General measures The Data Protection Act 2018 (DPA), which came into force in May 2018, requires periodic |
|
Friday 19th December 2025
Ministry of Justice Source Page: Responding to human rights judgments: 2024 to 2025 Document: (PDF) Found: General measures The Data Protection Act 2018 (DPA), which came into force in May 2018, requires periodic |
| Department Publications - Statistics |
|---|
|
Wednesday 10th December 2025
Department for Digital, Culture, Media & Sport Source Page: Community Life Survey 2024/25 annual publication Document: (PDF) Found: Data Protection All information will be processed in compliance with the Data Protection Act 2018 and |
| Non-Departmental Publications - Guidance and Regulation |
|---|
|
Jan. 12 2026
Competition and Markets Authority Source Page: The Rolling Stock Leasing Market Investigation Order 2009 and undertakings Document: (PDF) Guidance and Regulation Found: confidentiality under an agreement; and (f) ‘personal data’ has the same meaning given to it in the Data Protection Act |
|
Jan. 09 2026
Ofsted Source Page: Initial teacher education inspection data summary report (IDSR) guide Document: Initial teacher education inspection data summary report (IDSR) guide (webpage) Guidance and Regulation Found: the data in the IDSR, you must recognise the privacy of that data and always comply with the Data Protection Act |
|
Jan. 08 2026
Planning Inspectorate Source Page: Section 62A Planning Application: S62A/2025/0133 Stoke Lodge Playing Fields, West Dene, Shirehampton, Bristol BS9 2BH - additional documents Document: Adrian Dobrovicz (PDF) Guidance and Regulation Found: residents (2011 Bristol Core Strategy), let alone any references to the core principles of the Data Protection Act |
|
Jan. 08 2026
HM Prison and Probation Service Source Page: External escorts policy framework Document: (PDF) Guidance and Regulation Found: individual recorded as a consequence of this framework will be processed in accordance with the Data Protection Act |
|
Jan. 05 2026
Civil Service Source Page: Civil Service management code Document: (webpage) Guidance and Regulation Found: 7The Advisory Committee handles personal information provided to it in accordance with the Data Protection Act |
|
Dec. 18 2025
Office of Financial Sanctions Implementation Source Page: OFSI General Licence INT/2025/8202932 Document: (PDF) Guidance and Regulation Found: to third parties only in compliance with the UK General Data Protection Regulation and the Data Protection Act |
|
Dec. 17 2025
Office of Financial Sanctions Implementation Source Page: OFSI General Licence INT/2025/7323088 Document: (PDF) Guidance and Regulation Found: to third parties only in compliance with the UK General Data Protection Regulation and the Data Protection Act |
|
Dec. 16 2025
Defence and Security Accelerator Source Page: Competition: Defence Innovation Loans FY25/26 Cycle 6 Document: (PDF) Guidance and Regulation Found: We particularly draw to your attention the Bribery Act 2010, the Data Protection Act 2018, the Fraud |
|
Dec. 15 2025
Homes England Source Page: Grant Agreement examples for the Social and Affordable Homes Programme 2026 to 2036 Document: (PDF) Guidance and Regulation Found: ascribed to it in the Data Protection Legislation; Data Protection Legislation means: (a) Data Protection Act |
|
Dec. 15 2025
Homes England Source Page: Grant Agreement examples for the Social and Affordable Homes Programme 2026 to 2036 Document: (PDF) Guidance and Regulation Found: ascribed to it in the Data Protection Legislation; Data Protection Legislation means: (a) Data Protection Act |
|
Dec. 12 2025
Office of Financial Sanctions Implementation Source Page: OFSI General Licence INT/2022/1839676 Document: (PDF) Guidance and Regulation Found: to third parties only in compliance with the UK General Data Protection Regulation and the Data Protection Act |
|
Dec. 12 2025
Ofsted Source Page: Applying to work some of the time on non-domestic premises (EYA) Document: (webpage) Guidance and Regulation Found: information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act |
|
Dec. 09 2025
Serious Fraud Office Source Page: Recruitment privacy notice Document: Recruitment privacy notice (webpage) Guidance and Regulation Found: which relates to our obligations in employment law, paired with Schedule 1 part 1(1) of the Data Protection Act |
|
Dec. 09 2025
Defence and Security Accelerator Source Page: Competition: Defence Innovation Loans FY 25/26 Cycle 6 Document: (PDF) Guidance and Regulation Found: We particularly draw to your attention the Bribery Act 2010, the Data Protection Act 2018, the Fraud |
| Non-Departmental Publications - Transparency |
|---|
|
Jan. 12 2026
Pubs Code Adjudicator Source Page: PCA Annual Report and Accounts 2024-25 Document: (PDF) Transparency Found: consistent with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act |
|
Jan. 06 2026
Royal Armouries Museum Source Page: Royal Armouries Annual Report and Accounts 2024 to 2025 Document: (PDF) Transparency Found: , including but not limited to Charities Act 2011, Equality Act 2010, Bribery Act 2010 and Data Protection Act |
|
Dec. 22 2025
Local Government and Social Care Ombudsman Source Page: Local Government and Social Care Ombudsman annual report and accounts 2024 to 2025 Document: (PDF) Transparency Found: accountable to the public, it is important we respond to formal requests for information (Data Protection Act |
|
Dec. 18 2025
Gangmasters and Labour Abuse Authority Source Page: Gangmasters and Labour Abuse Authority: annual report and accounts 2024 to 2025 Document: (PDF) Transparency Found: • Non-Compliance with Data Protection Act and General Data Protection Regulation – GLAA is still |
|
Dec. 18 2025
Gangmasters and Labour Abuse Authority Source Page: Gangmasters and Labour Abuse Authority: annual report and accounts 2024 to 2025 Document: (PDF) Transparency Found: • Non-Compliance with Data Protection Act and General Data Protection Regulation – GLAA is still |
|
Dec. 18 2025
Maritime and Coastguard Agency Source Page: MCA annual report and accounts 2024 to 2025 Document: (PDF) Transparency Found: protection requirements contained within the UK General Data Protection Regulation and the Data Protection Act |
|
Dec. 18 2025
Civil Nuclear Constabulary Source Page: Learner Safeguarding Procedure Document: (PDF) Transparency Found: This will ensure compliance with the law in terms of its duties under the Data Protection Act 1998, |
|
Dec. 11 2025
Cafcass Source Page: Cafcass annual report and accounts 2024 to 2025 Document: (PDF) Transparency Found: can request this information through the Subject Access Request (SAR) process set out in the Data Protection Act |
|
Dec. 10 2025
Sellafield Ltd Source Page: Sellafield Ltd Data Protection Complaints Policy Document: (PDF) Transparency Found: special category data, we rely on substantial public interest, and our condition under the Data Protection Act |
| Non-Departmental Publications - Open consultation |
|---|
|
Dec. 29 2025
Department of Health (Northern Ireland) Source Page: Expanding access to naloxone: supply and emergency use Document: (PDF) Open consultation Found: (2) For the purposes of section 8(c) of the Data Protection Act 2018 (lawfulness of processing: public |
|
Dec. 18 2025
Security Industry Authority Source Page: Licensing of contractors who carry out security services and in-house CCTV operators Document: (webpage) Open consultation Found: to information regimes (these are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act |
|
Dec. 09 2025
Regulator of Social Housing Source Page: Consultation on changes to the TI&A Standard Document: (PDF) Open consultation Found: Regulations 2004 (EIR), however any disclosure will be in line with the requirements of the Data Protection Act |
|
Dec. 09 2025
Regulator of Social Housing Source Page: Consultation on changes to the TI&A Standard Document: (PDF) Open consultation Found: to how those classes of information are defined) in the Freedom of Information Act 2000 and Data Protection Act |
|
Dec. 09 2025
Regulator of Social Housing Source Page: Consultation on changes to the TI&A Standard Document: (PDF) Open consultation Found: to how those classes of information are defined) in the Freedom of Information Act 2000 and Data Protection Act |
|
Dec. 08 2025
Nuclear Decommissioning Authority Source Page: Nuclear Decommissioning Authority: Draft Business Plan 2026 to 2029 for consultation Document: (PDF) Open consultation Found: accordance with UK information access legislation (the Freedom of Information Act 2000, the Data Protection Act |
|
Dec. 08 2025
Nuclear Decommissioning Authority Source Page: Nuclear Decommissioning Authority: Draft Business Plan 2026 to 2029 for consultation Document: Nuclear Decommissioning Authority: Draft Business Plan 2026 to 2029 for consultation (webpage) Open consultation Found: accordance with UK information access legislation (the Freedom of Information Act 2000, the Data Protection Act |
|
Dec. 08 2025
Public Sector Fraud Authority Source Page: Consultation on PSFA Civil Penalty Powers: Code of Practice Document: (PDF) Open consultation Found: Management 18.1 How data will be processed ● The PSFA complies with the Data Protection Act |
| Non-Departmental Publications - Statistics |
|---|
|
Dec. 22 2025
Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018. |
|
Dec. 22 2025
Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018. |
|
Dec. 22 2025
Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018. |
|
Dec. 22 2025
Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: GDPR, and any applicable national implementing Laws as amended from time to time; (ii) the Data Protection Act |
|
Dec. 22 2025
Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018. |
|
Dec. 22 2025
Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018. |
|
Dec. 22 2025
Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018. |
|
Dec. 22 2025
Low Pay Commission Source Page: Low Pay Commission call for research for 2026 and beyond Document: (webpage) Statistics Found: “DPA 2018” the Data Protection Act 2018. |
| Non-Departmental Publications - Policy and Engagement |
|---|
|
Dec. 18 2025
Medicines and Healthcare products Regulatory Agency Source Page: Regulation of AI in Healthcare Document: (PDF) Policy and Engagement Found: the purpose of ‘Equality of Opportunity or Treatment’ [UK GDPR Article 9(2)(a and g); and Data Protection Act |
| Non-Departmental Publications - Policy paper |
|---|
|
Dec. 11 2025
NHS England Source Page: Joint DHSC and NHS England evidence for the DDRB: pay round 2026 to 2027 Document: (ODS) Policy paper Found: Data is obscured where the annual headcount for a staff group is 500 or less, in line with The Data Protection Act |
|
Dec. 11 2025
NHS England Source Page: Joint DHSC and NHS England evidence for the NHSPRB: pay round 2026 to 2027 Document: (ODS) Policy paper Found: Data is obscured where the annual headcount for a staff group is 500 or less, in line with The Data Protection Act |
| Arms Length Bodies Publications |
|---|
|
Dec. 22 2025
NHS England Source Page: General practice vaccination and immunisation services: standards and core contractual requirements Document: General practice vaccination and immunisation services: standards and core contractual requirements (webpage) Guidance Found: vaccinations and immunisations, where “processing” has the same meaning as in section 3(4) of the Data Protection Act |
| Draft Secondary Legislation |
|---|
|
The Surrey (Structural Changes) Order 2026 This Order provides for the establishment, on 1st April 2027, of a single tier of local government in Surrey. Part 2 creates two new councils: West Surrey Council, for the same area as the existing districts of Guildford, Runnymede, Spelthorne, Surrey Heath, Waverley and Woking; and East Surrey Council, for the same area as the existing districts of Elmbridge, Epsom and Ewell, Mole Valley, Reigate and Banstead and Tandridge. Ministry of Housing, Communities and Local Government Found: Orders) (England) Regulations 2001(27), as a relevant authority; (e)for the purposes of the Data Protection Act |
|
The Cumbria Combined Authority Order 2026 This Order establishes the Cumbria Combined Authority (“the Combined Authority”), provides for the election of a mayor and confers certain of the functions of local authorities and other public authorities on the Combined Authority. Ministry of Housing, Communities and Local Government Found: , the Police and Justice Act 2006 (c. 48) and amended by paragraph 45 of Schedule 19 to the Data Protection Act |
|
The Cheshire and Warrington Combined Authority Order 2026 This Order establishes the Cheshire and Warrington Combined Authority (“the Combined Authority”) and provides for the election of the mayor and confers certain functions of local authorities and other public authorities on the Combined Authority. Ministry of Housing, Communities and Local Government Found: , the Police and Justice Act 2006 (c. 48) and amended by paragraph 45 of Schedule 19 to the Data Protection Act |
| Welsh Government Publications |
|---|
|
Thursday 15th January 2026
Source Page: FOI release 26503: Animal welfare Document: Doc 1 (PDF) Found: Commissioner's Data Sharing Code of Practice of May 2011 1.1.5 Data Protection Legislation : (i) the Data Protection Act |
|
Thursday 15th January 2026
Source Page: FOI release 26503: Animal welfare Document: Animal welfare (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
|
Tuesday 13th January 2026
Source Page: Attendance of pupils in maintained schools: 2 September 2025 to 2 January 2026 Document: Attendance of pupils in maintained schools: 2 September 2025 to 2 January 2026 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
|
Wednesday 7th January 2026
Source Page: General funding round window 3 (Welsh Marine and Fisheries Scheme): guidance Document: General funding round window 3 (Welsh Marine and Fisheries Scheme): guidance (PDF) Found: Freedom of Information Act 2000, the 28 Environmental Information Regulations 2004 and the Data Protection Act |
|
Tuesday 6th January 2026
Source Page: FOI release 26504: Respiratory Protective Equipment Document: Respiratory Protective Equipment (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
|
Tuesday 6th January 2026
Source Page: FOI release 26422: Rhydycar West Document: Rhydycar West (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
|
Tuesday 6th January 2026
Source Page: FOI release 26399 and 26498: Water quality Document: Water quality (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
|
Tuesday 6th January 2026
Source Page: FOI release 26401: Rhydycar West Document: Rhydycar West (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
|
Monday 5th January 2026
Source Page: Small Grants - Environment (landscape and pollinators): general rules booklet 2026 Document: Small Grants - Environment (landscape and pollinators): general rules booklet 2026 (webpage) Found: in accordance with the obligations and duties under the Freedom of Information Act 2000, the Data Protection Act |
|
Monday 5th January 2026
Source Page: Woodland Creation Planning Scheme (January 2026): rules booklet Document: Woodland Creation Planning Scheme (January 2026): rules booklet (webpage) Found: obligations under the Freedom of Information Act 2000, the Environmental information Act 2004 or the Data Protection Act |
|
Monday 22nd December 2025
Source Page: Freedom of Information (FOI): request from the Welsh Government Document: Requesting information from the Welsh Government (webpage) Found: The Data Protection Act 2018, Freedom of Information Act 2000 and the Environmental Information Regulations |
|
Wednesday 17th December 2025
Source Page: FOI release 26284: Llansteffan North Green car park Document: Llansteffan North Green car park (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
|
Wednesday 17th December 2025
Source Page: Sustainable Farming Scheme (2026): universal layer: rules booklet Document: Sustainable Farming Scheme (2026): universal layer: rules booklet (PDF) Found: used by the Welsh Government in accordance with its obligations and duties under the: • The Data Protection Act |
|
Tuesday 16th December 2025
Source Page: FOI release 26391: Cafcass complaints Document: Cafcass complaints (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
|
Tuesday 16th December 2025
Source Page: Significant infrastructure projects (SIP): notification of proposed application Document: Significant infrastructure projects (SIP): notification of proposed application (PDF) Found: supplied by you in this form, is in accordance with the terms of our registration under the Data Protection Act |
|
Tuesday 16th December 2025
Source Page: Attendance of pupils in maintained schools: 2 September to 5 December 2025 Document: Attendance of pupils in maintained schools: 2 September to 5 December 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
|
Tuesday 16th December 2025
Source Page: Remote working (National Survey for Wales): April 2024 to March 2025 Document: Remote working (National Survey for Wales): April 2024 to March 2025 (webpage) Found: personal data underlying these statistics is processed in accordance with the requirements of the Data Protection Act |
| Welsh Senedd Debates |
|---|
|
Group 11: Office of Environmental Governance: disclosure of information and confidentiality (Amendments 16, 17, 18)
None speech (None words) Thursday 11th December 2025 - None |
|
2. Development of Tourism and Regulation of Visitor Accommodation (Wales) Bill: Evidence Session 1
None speech (None words) Wednesday 5th November 2025 - None |
| Welsh Senedd Speeches |
|---|
|
No Department |
|
No Department |