Introduction

We submitted this response to the UK government’s call for evidence on smart data opportunities in digital markets (July 2025), on 15 September 2025.

Support for Smart Data Schemes has followed the global emergence of Open Banking, which developed into an industry-wide standard after the Competition and Markets Authority’s investigation of retail banking. [1]

Following the Government’s Smart Data Roadmap, evidence for the potential for Smart Data Schemes to unlock further public and economic benefits is being analysed for multiple business sectors.

This call for evidence sought views on the potential to introduce a Smart Data scheme in digital markets. 

About this response

This page presents our answers to specific questions.

Questions 1-4, question 7, questions 9- 12 and question 14 are shown as asked in the consultation, followed by our response.

Smart Data opportunities in digital markets: Call for evidence

Section A: Designing a targeted scheme

Q1. What issues do customers face in accessing their data held by digital markets firms and sharing that data with third parties?

Customers can face significant issues in accessing their data held by digital markets firms and sharing that data with third parties. These issues can be legal, technical and practical, which can lead to an overall lack of customer empowerment. The issues include:

Burdensome access processes

Customers may need to navigate complex interfaces or multiple steps to request or share their data.

Poor data formatting

Data provided to customers can be shared in different formats and contain incomplete datasets, which can be difficult to interpret and compare with other data.

Lack of customer awareness

Customers are often unaware of what personal data digital market firms hold about them and how it’s being used. Many customers are also unaware that they have the right to request their data, or how to go about doing so.

There can be numerous research uses made of digital market data for wider health, economic or societal benefits, and there is evidence to suggest that many customers will have a high general level of trust in science. But to enable this, customers need better support to donate data through a digital markets scheme.  

Q2. What use cases do you believe could be supported through a Smart Data scheme to address those issues, including types of products and services that ATPs might be able to offer, and what outcomes could this result in?

Companies have an obligation to make sure the data they provide is complete, up-to-date and in a readable format. Third parties may have a role to play in safely receiving and working with varied, unstructured, and possibly personal, information, and to provide customers with consent mechanisms and controls.

From a research perspective we additionally, see great potential for a smart data scheme to enable data donation for research. For example, donation of high street loyalty card data has already shown potential to support earlier cancer diagnosis. Extending this to digital markets data could unlock new evidence for improving health outcomes, enhancing digital wellbeing, or improving economic resilience.

Our programme of funding, situated within UKRI-ESRC, is widening support for data donation with support for a new, Smart Data Donation Service (SDDS). Led principally by Dr David Zendle and Professor Florian Block at the University of York, SDDS is the first national research infrastructure built around existing GDPR rights of individuals to obtain a machine-readable copy of the personal data that any corporation holds about them. Initially focusing on social media and video game domains, SDDS aims to address the urgent need for evidence-based policy around online safety and digital wellbeing. It will facilitate research into diverse topics including mental health, media literacy, digital community, discriminatory behaviour, and disinformation.

Funding for SDDS forms part of our present investment in six research data services, which enable researchers to make better use of smart data for the public good.

Given the breadth of possible applications that can follow from either: consumer access, or, business publication of digital markets data, we would encourage DSIT to focus on specific areas where there is both clear market demand and identifiable barriers that Smart Data schemes could help overcome. The focus of the scheme might also align with pressing public policy challenges.

For instance:

• Health and wellbeing: enabling insight into early diagnosis, lifestyle impacts on health, and digital health interventions
• Economic security: unlocking insights into the cost-of-living crisis, financial inclusion, and productivity by linking consumer data
• Housing: addressing the current housing crisis in the UK by linking data from property market apps with consumer financial and energy data.

Q3. What types of data and data holders would need to be in scope of a scheme in order to support any business models and address data access issues and use cases you have identified above?

This is a difficult question to answer definitively given the ubiquitous scope of digital markets and the diversity of potential Smart Data applications. However, from a research perspective there are several categories of data that would be valuable to bring into scope of a smart data scheme – though we are not best placed to judge whether these are within the scope of the DSIT-proposed scheme or other Smart Data schemes:

• E-commerce marketplaces – a significant proportion of consumer transactions now take place through digital platforms. These datasets, held by major retailers and marketplace platforms such as Amazon, could support research that goes far beyond retail trends – for instance health outcomes (e.g. diet and disease detection), cost of living and inequality, sustainable consumption, and local economic development.
• Search engines (Google, Bing, etc) – data on search queries and click-throughs can provide insights into consumer demand, health behaviours and local economic activity. For consumers, Smart Data could allow greater control over how their search data is used in advertising and recommendation systems.
• Employment platforms (LinkedIn, Indeed, Glassdoor) – vacancy data and worker profiles can inform labour market analysis and productivity research.
• Travel and mobility platforms (Airbnb, Booking.com, Uber, Deliveroo, JustEat) – Data on accommodation bookings, travel and delivery patterns can inform research on urban economies, local resilience, housing affordability and the gig economy.
• Housing and property data – A growing share of housing market activity takes place on digital platforms and intermediaries such as Zoopla, Rightmove, letting agents, lenders and conveyancers. Bringing these datasets within scope of a Smart Data scheme could make it easier for individuals to access and share their own information during property transactions. From a research perspective, access to this data would also provide new insights into affordability, housing inequalities, and the relationship between housing markets and the net zero transition.
• Social platforms data – data on social media use, gaming and app engagement, held by platforms and developers. These are crucial for research into online safety, disinformation, digital literacy and mental health, with potential to support ATP services that improve digital wellbeing. This is a complex area which SDR UK’s Digital Platforms Data Access Taskforce is considering

Section B: Assessing a digital markets Smart Data scheme

Q4. What are your views on the feasibility to deliver a digital Smart Data scheme? Please consider any current or planned industry developments or changes that might affect delivery and highlight any key challenges.

Targeted Smart Data schemes could enable third parties to access customer and business data from digital markets, giving consumers more effective ways of seeing and using their own data. In addition, a digital Smart Data scheme could support wider data sharing for  research and innovation.

In principle, we believe a digital Smart Data scheme is technically feasible. However, for the scheme to be successful the following considerations are key:

• Phased implementation
  The scope of digital markets is very broad. Starting with a small number of mature sectors and building incrementally will be key. There are also key lessons to be learnt from recent Open Banking schemes.
• Strong leadership and regular stakeholder engagement, including with consumer groups, researchers, industry and regulators will be essential
  At present, researchers face fragmented and difficult experiences accessing digital market data (e.g. through subject access requests, as well as consumer data portability rights, and access to data from businesses).
• Business incentives and sector consortia
  Many digital market firms may see data access as a net cost, either because it benefits competitors or increases regulatory scrutiny. There is also a risk that digital market firms and activities will relocate if they see more burdensome provision of business or customer data in the UK compared to other countries.  It will be important to engage in advance of schemes with regulators and with business sector consortia, with close awareness of the relevant barriers and incentives.
• Regulatory clarity and oversight
  Harmonised rules and standardised data formats across sectors will be essential. Divergent approaches risk undermining data intermediaries and creating complexity. A dedicated regulatory sandbox for digital markets data, including research uses, could provide a safe space to test approaches. 
• Third party verification  
  Official guidance for smart data schemes says that organisations must assure themselves that an intermediary (third party) in a smart data scheme is acting on the behalf of an individual before responding to a data rights request, and gives broad categories for evidence that may be used to substantiate this, subject to verification (e.g. power of attorney). However, there is no explicit and firm specification for this. So the process is ambiguous, limiting certainty for third parties and consumers. A standardised, officially endorsed mechanism for authentication and authorisation would resolve this barrier at scale.

Recent developments to take into account include:

• DSIT and Ofcom’s work on a regulatory framework for researcher access to data from regulated online platforms, which a Digital Markets Smart Data scheme could align with.
• The new Statutory Gambling Levy, which will enable research on gambling-related harms, including those manifesting online. UKRI is administering the research strand and coordinating a cross-commissioner Data Working Group involving representatives of the Gambling Commission, NHS, Office for Health Improvements and Disparities, and relevant health bodies in Scotland and Wales.
• The potential to utilise new and established research data services, libraries and catalogues. We support a range of service levels, standards and guidance for research use of data, which are effective for researchers. Our terms and conditions of funding also require strict privacy safeguards when dealing with sensitive personal or anonymised data.
• UKRI’s work to advance guidance to anonymisation, privacy enhancing technologies, and synthetic data, which can help ensure customer trust in how digital market data is shared and used.

Taken together, these considerations suggest that a digital Smart Data scheme can be delivered, if it is targeted, phased and underpinned by strong governance, industry engagement and public trust.

Q7. What challenges and risks should we consider when developing a digital markets smart data scheme and how can we mitigate these? This might include (but is not limited to): competition; customer exclusion; data quality or data misuse; ethical, operational or technical readiness.

We see Smart Data schemes playing a key role in improving the portability of customer data. However, it will be important to mitigate risks and build trust before a scheme becomes official. We’d expect that the following risks will also benefit from having prospective targets for the scheme. Targets would stimulate the key stakeholders in the scheme to reach a more supported position, with solutions that could be standardised. Having explored aspects of the public’s, and businesses’, sensitivity to the uses of data we would highlight three risks to mitigate:

Variability in data quality and preparation for sharing among businesses

When data is accessed via a data portability request, resulting outputs vary. For example, some corporations provide outputs in the form of resource identifiers or locators which cannot be enriched for research purposes without breaking that platform’s terms of service. This may technically be GDPR compliant, but limits both the customer and the wider research community from benefitting from this right. 

Business sector and regulatory engagement can be more focused with particular data in mind, and involve suppliers in those sectors. This will help terms of use and business norms to develop.

In addition, approaches to legalities and ethics which address uncertainties within a scheme, allowing scope for innovation, will be needed. We responded to the broader government consultation on data intermediaries with a highlight of legal uncertainty, and note that this view was shared by others in the government’s response.

Customer privacy

When data is accessed via a portability request it typically contains data which is personal to the customer and with a rich time series. When multiple different customers receive and become controllers of their own information, it results in a fragmented distribution of personal data to settings that are not necessarily particularly secure. For researchers seeking to work with multiple instances of that data this poses a challenge to ensure that the customer’s personal data is protected in their hands. This is a challenge we tackle in funding data services which manage sensitive data appropriately in secure settings.

To ensure that these approaches are of benefit to the wider scheme, approaches to privacy could develop with the ICO from the outset. In particular, a regulatory sandbox which is dedicated particularly to the use and development of smart data would be beneficial. This could help to establish regulatory norms within schemes, such as how far consent follows the data, and whether or how re-use of data will be enabled.

Complexity of digital and data sharing regulation, requiring standards for third party verification

Official guidance for smart data schemes suggests that organisations must assure themselves that an intermediary (third party) in a smart data scheme is acting on the behalf of an individual before responding to a data rights request, and gives broad categories for evidence that may be used to substantiate this, subject to verification (e.g. power of attorney). However, there is no explicit and firm specification for this and so, the process is ambiguous, which can increase bureaucracy and limit the certainty for third parties to enable the customer to exercise their data rights.

Official endorsement of a standardised mechanism for authentication and authorisation of the third party, with reference to a specific data rights request, would resolve this barrier at scale.

Section C: Designing a scheme for customers

Q9. How can we build and maintain customer trust in a digital markets Smart Data scheme? For example, what responsibilities need to be considered for data owners and ATPs?

Building and maintaining customer trust is fundamental to the success of any digital markets Smart Data scheme. Without it, the scheme’s first participants (customers and businesses) will be reluctant to share their data and the wider benefits for innovation, research and society will not be realised.

Data owners and authorised third parties will naturally value the greatest possible certainty in the protection of data, and the minimum possible burden to the day-to-day customer who shares their data. This may lead to a focus on sharing only the lowest risk data. However, to unlock the value of more sensitive data, it is essential to engage with the scheme’s participants directly, giving them opportunities to express their opinions and preferences, shape principles, and be represented in programme administration.

Our experience from public dialogues in 2024 highlights how trust can be explored through structured engagement. We used the well-established ‘five safes’ framework to communicate approaches to data protection and privacy for research and statistics. While initial perceptions of risk were strong, we found that when participants developed a clearer understanding of safeguards and how data could be used for public benefit, they expressed much more support for sharing sensitive data. Importantly, this shift came through dialogue, where participants could build personal connections to potential research uses and see evidence of appropriate oversight.

This suggests that trust in Smart Data schemes will not rest solely on technical protections, but also on transparent communication, participatory engagement, and a clear demonstration of public benefit.

Q10. What common principles are needed to support the development of a digital markets smart data scheme and why?

There is a significant body of work relating to best practice when developing a Smart Data scheme. The Competition and Markets Authority (CMA) has identified a set of design principles for an effective Smart Data scheme, which provide a good foundation to build upon.

Our recent public engagement suggests to us that public views regarding the use of smart data for research might align particularly with two of the CMA principles: that there should be a funding model that reflects customer interests, and that there should be effective representation of customers and other end users in scheme administration.

Section D: The wider context of a digital markets Smart Data scheme

Q11. Are there any tensions, overlaps, gaps or other features of the regulatory landscape in digital markets that the government should take into consideration?

The diversity of economic activities that are enabled by digital markets means that the influence of Smart Data schemes in this area could have implications across the economy. The regulatory environment governing digital technologies and markets is already complex and growing, covering areas such as competition, consumer protection, data protection, and online safety.  

This creates risks of overlaps, gaps or tensions – for example between data portability rights and data protection requirements, or between competition objectives and consumer safeguarding.

Enhanced regulatory cooperation and coherence is therefore crucial. This could include joint working between regulators, alignment of standards across schemes, and mechanisms for resolving tensions as new technologies and business models emerge.  

Q12. What data sharing initiatives already exist in digital markets that the government should be aware of when evaluating a Smart Data scheme in digital markets?

We have not surveyed this. Our answer to this question covers three initiatives that Smart Data Research UK are working with:

• Smart Data Donation Service (SDDS): Part of the new Smart Data Research UK family of data services, SDDS will help citizens across the UK to obtain copies of their digital trace data; assist them in using it to understand their digital lives; and offer them the opportunity to enrich and donate their data for use in scientific research. It is the first national research infrastructure built around existing GDPR rights of individuals to obtain a machine-readable copy of the personal data that any corporation holds about them. Initially focusing on social media and video game domains, SDDS aims to address the urgent need for evidence-based policy around online safety and digital wellbeing. It will facilitate research into diverse topics including mental health, media literacy, digital community, discriminatory behaviour, and disinformation.
• Platform data: DSIT and Ofcom are working on a regulatory framework for researcher access to data from regulated online platforms. Any further work in this area, which involved online platforms, would need to be complimentary to this initiative and acknowledge the work that’s underway following Ofcom’s report
• Gambling data: The Gambling Commission, alongside UKRI and public health bodies, is coordinating data access and research through the new Statutory Gambling Levy. If Smart Data schemes are extended to cover gambling services, they will need to connect and interact with the work of the Gambling Commission around the gambling levy.

Q14. What lessons should the government bear in mind from the EU DMA and other Smart Data schemes in other jurisdictions including the establishment of Open Banking schemes around the world?

CREATe, the Centre for Regulation of the Creative Economy at University of Glasgow, provided the following answer to this question.

The consultation focusses on smart data interventions from an interoperability and competition perspective, with the aim of fostering market entry and user choice.

We would like to highlight the following aspects from the perspective of researchers:

Incumbent firms have a natural incentive to retain control of data. Self-regulation therefore is unlikely to work [2]. However, it is difficult to design effective schemes that do not involve many bureaucratic layers.

The EU data strategy has created considerable complexity. First, the Data Governance Act created a framework, including encouraging the creation of data intermediaries [3] and ‘data altruism’ [4] organisations. Second, the Data Act imposes rights and obligations aimed at the fair distribution of the value that data usage generates, particularly relating to the Internet of Things (IoT), with exemptions on data sharing for SMEs. Third, the Digital Markets Act (DMA) and the Digital Services Act (DSA) create special obligations which apply to gatekeepers (DMA) and (very large) online platforms (DSA). Fourth, there may be additional obligations under the GDPR and competition law.

For researchers, it would be particularly valuable to study the innovation effects of smart data interventions. In order to do this, privileged data access under controlled conditions seems to be a viable option. Possible models are the EU Digital Services Act (Article 40, Data access and scrutiny, ‘vetted researchers’) and Ofcom’s exploration of a related scheme in the context of the Online Safety Act.

The UK should aim for a more coherent framework than the EU’s if it wants to make data access for researcher feasible in practice, while also considering the incentives for existing businesses/organisations to share data or for new organisations to enter a ‘data exchange’. Therefore, technical implementation should be considered from the start. The UK has a past record of doing so (i.e. open banking, some NHS data). Ofcom suggests an intermediary could accredit researchers and provide access under secure conditions. This will be an increasingly pressing issue across data spaces [5], including for accessing data for AI training and model testing.

UKRI (ESRC SDR UK & CREATe) footnotes

[1] Colangelo, G., & Khandelwal, P. (2025). The many shades of open banking: A comparative analysis of rationales and models. Internet Policy Review, 14(1). https://doi.org/10.14763/2025.1.1821

[2] Xiangyu Lin, S. Sarah Zhang, Markos Zachariadis, Open data and API adoption of U.S. banks, Journal of Financial Intermediation, Volume 63, 2025,101162

[3] Data intermediaries: ‘ services which aim to establish commercial relationships for the purposes of data sharing between an undetermined number of data subjects and data holders on the one hand and data users on the other, through technical, legal or other means, including for the purpose of exercising the rights of data subjects in relation to personal data.’ (Recital 28 DGA) –  The DGA aims to foster the emergence of such data intermediaries, but it creates burdensome conditions, including notification to a competent authority and the obligation to keep this service separate from other commercial services involving data, being commercially neutral and acting in the data subjects’ best interests (see articles 10-12 DGA).

[4] Data altruism organisations: ‘non-commercial’ in that it is about sharing for the purpose of general interest: ‘the voluntary sharing of data on the basis of the consent of data subjects to process personal data pertaining to them, or permissions of data holders to allow the use of their non-personal data without seeking or receiving a reward that goes beyond compensation related to the costs that they incur where they make their data available for objectives of general interest as provided for in national law, where applicable, such as healthcare, combating climate change, improving mobility, facilitating the development, production and dissemination of official statistics, improving the provision of public services, public policy making or scientific research purposes in the general interest’. 

[5] Burrow, S. (2021). The Law of Data Scraping: A review of UK law on text and data mining. University of Glasgow, CREATe working paper 2021/2.