ARTICLE
29 August 2025

Does The Data (Use And Access) Act Deliver: E-privacy And ICO Enforcement? (Podcast)

AO
A&O Shearman

Contributor

A&O Shearman logo
A&O Shearman was formed in 2024 via the merger of two historic firms, Allen & Overy and Shearman & Sterling. With nearly 4,000 lawyers globally, we are equally fluent in English law, U.S. law and the laws of the world’s most dynamic markets. This combination creates a new kind of law firm, one built to achieve unparalleled outcomes for our clients on their most complex, multijurisdictional matters – everywhere in the world. A firm that advises at the forefront of the forces changing the current of global business and that is unrivalled in its global strength. Our clients benefit from the collective experience of teams who work with many of the world’s most influential companies and institutions, and have a history of precedent-setting innovations. Together our lawyers advise more than a third of NYSE-listed businesses, a fifth of the NASDAQ and a notable proportion of the London Stock Exchange, the Euronext, Euronext Paris and the Tokyo and Hong Kong Stock Exchanges.
Explore Firm Details
In this short series of podcasts, senior knowledge lawyer, Emma Keeling, and A&O Shearman's data consultant and former ICO Deputy Commissioner, Steve Wood, take a look at some of the key data protection...
United Kingdom Privacy
Emma Keeling and Steve Wood
Your Author LinkedIn Connections

In this short series of podcasts, senior knowledge lawyer, Emma Keeling, and A&O Shearman's data consultant and former ICO Deputy Commissioner, Steve Wood, take a look at some of the key data protection and e-privacy aspects of the UK's Data (Use and Access) Act 2025 (the DUAA).

In focusing on the data protection and e-privacy developments, they consider what has changed, but most importantly what that means in practice for businesses and organisations subject to the UK's GPDR, Data Protection Act and Privacy and Electronic Communications Regulations (PECR).

They consider if and how the DUAA can support innovation and technological developments, how the DUAA may relieve organisations of their day to day compliance burden, what is new for the ICO, and the implications of changes to PECR.

The ICO is set to be restructured so as to align with the corporate arrangement more familiar from other UK regulators and the DUAA also provides further detail on the ICO's duties, reporting and role with respect to codes of practice for example. However, in this third podcast, Emma and Steve focus on changes to the ICO's enforcement powers.

They go on to address updates to PECR, notably the increased alignment with the data protection regime and approaches to direct marketing and cookies.

Since recording, regulations have been made to bring into force further DUAA provisions, as from August 20 2025. In relation to the content relevant for this podcast, these include provisions regarding, amongst others, interpretation of PECR (s.109, 110 DUAA), data breach notice period under PECR (s.111 DUAA), ICO notices (s.96 DUAA), ICO power to require documents (s.97 DUAA), restructuring of ICO (s.117 and sch. 14 DUAA), secretary of state regulations (s.107 DUAA) and general minor amendments (s.108 and sch. 11 DUAA).

These podcasts assume some knowledge of data protection and you can read more on the background of the DUAA in our blogs listed below:

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Emma Keeling
Emma Keeling
Photo of Steve Wood
Steve Wood
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More