New legislation, rapidly progressing through parliament, is destined to have a major impact on the advice market.
This should be excellent news for advisers and clients. That said, it looks likely to present significant challenges to providers of all shapes and sizes, and may also have unexpected consequences for adviser and adviser tech firms.
When parliament was dissolved before the July election, the Data Protection and Digital Information No 2 Bill did not make it on to the statute book.
While not announced formally in the King’s Speech, the Data (Use and Access) Bill (D(UA)) was discreetly announced in its notes. This is the new government’s replacement legislation.
When law, it will give consumers far more control over their personal data, empowering them to direct organisations to share it with third parties of their choice.
The D(UA) builds upon existing data portability rights under GDPR. It will enable the secretary of state to establish ‘smart data’ schemes, requiring secure sharing of customer data upon consumer request.
They will not just apply to financial services but a wide range of other industries, too.
For example, the government could compel supermarkets to share information on food and other purchases with whoever an individual wants, enabling them to compare online shopping baskets or better understand the balance of healthy and unhealthy food they are consuming.
The new rules could be especially valuable in addressing the shortcomings of the pension dashboard services.
While we may finally see services live in 2025 or early 2026, firms will still not be able to retain data obtained via a dashboard. However, once consumers have located missing pensions, they could use their rights under the D(UA) to deal with pension providers afterwards.
I regularly hear advisers complain of the difficulty in accessing information from Nest and several other workplace pension providers who prefer to maintain a direct dialogue with the end consumer.
Under the D(UA), consumers could invoke their rights to compel any pension provider to share their data to any service the consumer wants to receive it.
The Bill also addresses changes to GDPR and to consumer rights relating to subject access requests (SARs). As SARs are now being used by several insurers to request medical information, this may also have an impact on the industry. However, that is something for a further article.
It is important to recognise these new rules will apply to all businesses, so could have significant implications for both advisers and technology suppliers. It is conceivable that a consumer could require a former adviser to share any information they hold with a new adviser, or indeed a competitor service.
Hypothetically, a consumer could require their adviser to share information held on their investments with another adviser or online service they wish to use. Equally, a consumer might be able to require a technology provider that has previously held their information to share it with another technology system.
Under the previous draft legislation, all these issues and those relating to fines and/or other penalties for non-compliance were left at the discretion of the secretary of state. From a financial services perspective, I could see the actual rules and requirements being crafted by the Treasury, Prudential Regulation Authority and the Financial Conduct Authority.
The D(UA) is a major step forward for the UK’s digital economy. It will give consumers far greater autonomy over their personal data, with the ability to direct organisations to share their information with the people they want to.
Originally, these changes were expected to come in under the Boris Johnson administration, so they are long overdue.
Anybody who manufactures financial products or technology services, or supports those products or advisers, needs to make developing a plan to address their obligations under the Bill as a priority early in 2025.
Ian McKenna is founder and director of FTRC
Comments