Data (Use and Access) Act 2025: Unlocking research potential for universities
The Data (Use and Access) Act 2025 (DUAA) received Royal Assent on 19 June 2025, modernising the UK's data protection framework.
While much attention has focused on subject access requests (SARs) and complaints processes, the Act's research provisions offer universities transformative opportunities.
How universities can maximise data value
The Act formally defines "scientific research" as "any research that can reasonably be described as scientific, whether publicly or privately funded, or conducted commercially or not". This removes ambiguity about research collaborations with industry or privately-funded studies.
The DUAA waives the compatibility test for research uses. If you're re-using data for scientific research or statistical purposes, that re-purposing is deemed compatible. This streamlines data sharing between projects and institutions, helping universities maximise dataset value for new research.
Researchers can now seek broad consent from participants for research purposes not fully determined at data collection. This flexibility helps universities conduct longitudinal and exploratory research without constantly re-consenting participants for each new sub-study.
You'll need to meet strict requirements for ‘appropriate safeguards’ as set out in the new Article 84C. The Secretary of State may subject those safeguards to further regulation.
Where to focus your attention
The legal environment is now more research-friendly, with less red tape around using data. Research offers universities the biggest benefits from these changes, so university leaders should focus their attention here.
ICO consultation on the research provisions
The Information Commissioner's Office (ICO) will consult on research under the new Act, with guidance to reflect the DUAA changes to research expected in “Winter 2025/26". This consultation will be the sector's opportunity to shape how the research provisions are interpreted and implemented in practice.
You need to be ready to actively participate when this consultation happens. Universities and the health sector stand to benefit most from these legal changes. If the guidance is too cautious, it could undermine what the Act is trying to achieve. If there's not enough guidance, or it's vague, particularly on what constitutes ‘appropriate safeguards', you won't know how to use these new powers.
EU GDPR compliance will be a continuing obligation
You may still need to comply with the EU GDPR. The DUAA applies to the UK GDPR framework, but institutions with a presence in the EU, those offering services to individuals in the EU, or those monitoring EU data subjects' behaviour will remain subject to the EU GDPR alongside UK law.
Where both regimes apply, you'll need to comply with the stricter requirements. The EU GDPR doesn't include the same broad consent provisions or compatibility presumptions for research that the DUAA introduces to UK law. If you're engaged in international research collaborations, conduct a thorough jurisdictional analysis for each research project. This dual compliance obligation shouldn't overshadow the significant opportunities that the DUAA creates for UK-based research activities.
Next steps
Get ahead of this: even while waiting for different parts of the Act to commence, begin looking at how these changes might affect your planned research projects.
By actively participating in the upcoming ICO consultation, strategically using these new research powers, and building projects with safeguards that meet the required standards, you can lead the way in data-driven research.
Contact
Claire Archibald
Legal Director
claire.archibald@brownejacobson.com
+44 (0)330 045 1165
You may be interested in
Legal Update
Data (Use and Access) Act 2025: Unlocking research potential for universities
Legal Update - Be Connected (higher education)
Be Connected, higher education: Spring 2025
Legal Update
Lessons from the 2025 cyber security breaches survey for higher education
Published Article
Cloud Computing guide 2024
Legal Update
EDPB guidelines: Processing personal data in the context of AI models
Press Release
Education predictions: What does 2025 have in store for schools, trusts and universities?
Legal Update
The future of university regulation
Legal Update
Understanding the ICO's new fining guidance
Legal Update
Cyber-attacks in UK universities: Why failing to prepare is no longer an option
Legal Update
Subsidy control: Guide to streamlined routes for universities
Legal Update
Data protection in higher education: what to expect in 2024
Legal Update
Knowledge exchange and intellectual property
Opinion
The UK’s Data Protection and Digital Information Bill (No. 2): For universities
Press Release
Browne Jacobson’s intellectual property lawyers ranked experts in World Trademark Review guide 2023
Press Release
Law firm picks up record breaking sixth Education Investor Award
Browne Jacobson’s education team has been named as winner of the ‘Legal Advisors to Education Institutions’ category at the Education Investor Awards 2022 for a record sixth time.
Press Release
Thousands take part in virtual careers event to help increase diversity in the legal profession
Over 3000 young people from across the UK and Ireland took part in a virtual legal careers insight event, aimed at making the legal profession more diverse.
Press Release
Browne Jacobson and The University of Nottingham announce Knowledge Transfer Partnership to promote greater equality, diversity and inclusion in the legal sector and beyond
Legal Update
Facing the threat of cyber security breaches
Universities and colleges are not immune from deception by unscrupulous bad actors. The extent to which educational institutions can manage and control risk not only depends on financial management and internal controls, but also the robustness of security and processes which can be exploited from outside the organisation.
Legal Update
Data reform in the UK
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
Legal Update
be connected newsletter for higher education - May 2022
In this edition we provide you with the latest in legal updates, news and insight from the higher education sector.
Legal Update
Creating a profitable future for your university intellectual property
Press Release
Browne Jacobson’s C-suite exec level coaching team appoints two new education specialists
National law firm Browne Jacobson has grown its team behind its dedicated Space + Time executive coaching programme with the addition of two more qualified coaches who will work with clients in the education sector.
Legal Update
be connected newsletter for higher education - February 2022
In this edition we provide you with the latest in legal updates, news and insight from the higher education sector.
Legal Update
be connected newsletter for higher education - November 2021
In this edition we provide you with the latest in legal updates, news and insight from the higher education sector.
Press Release
Browne Jacobson hosts UK’s largest virtual legal careers event to boost access to careers in law
Published Article
Women in knowledge exchange and spinouts
Legal Update
Steps to take following a data breach: reporting, criminal charges and injunctions
Student and staff files will be full of personal data, much of which may be particularly sensitive such as health information (known under the data protection legislation as “special category” data).
On-Demand
Diversity in spinouts, start-ups and early stage funding
On-Demand
University spinouts and joint ventures – developing your in-house expertise
Legal Update
be connected newsletter for higher education - April 2021
In this edition of our higher education newsletter, we provide you with the latest in legal updates, news and insight from the higher education sector.
Legal Update
Risk management in digital transformation for universities
Legal Update
be connected newsletter for higher education - January 2021
In this edition we provide you with the latest in legal updates, news and insight from the higher education sector.
Legal Update
Health care apps – Part 1 of 2: Exploring the ins and outs of intellectual property (IP)
Legal Update
Could your new Covid-19 related intellectual property (IP) be commandeered by the Crown?
Universities across the nation have been working valiantly to produce a vaccine for SARS-CoV-2, otherwise known as Covid-19, in addition to working tirelessly on new testing options. It is easy in these times to forget that universities may still own valuable intellectual property (IP) created in these efforts.
Published Article
Top tips for implementing ‘Data Protection by Design & Default’
The GDPR requires all businesses to implement ‘Data Protection by Design & Default’ but what does that mean in practice and how can businesses practically comply?
On-Demand
How to commercialise your IP: licensing, spin outs and JVs
Our expert panel, comprised of IP and corporate law specialists, will be discussing IP commercialisation strategies, their benefits and pitfalls, drawing on experience across the private, public and higher education sectors.