Consent: what does ‘agreeing to tech’ really mean?
With the UK's health and social care sectors adopting digital records at an unprecedented 80% rate amid new 2025 data laws, mishandled consent for technology use threatens vulnerable patients' autonomy and exposes systems to costly cyber breaches.
Key takeaways
- •The Data Use and Access Act 2025 introduces mandatory interoperability standards, amplifying consent challenges as data sharing expands across NHS and social care without always securing explicit agreement from those affected.
- •Rapid digitization, including AI trials and single patient records targeted for 2027, impacts elderly and dementia patients most, where family proxies and time pressures often blur the lines of informed consent.
- •Cyber vulnerabilities in interconnected care systems heighten risks of data leaks, with litigation costs averaging £202,000 per inadequate consent claim, underscoring trade-offs between innovation-driven efficiency and privacy safeguards.
Consent in Digital Care
The UK's push for digital integration in health and social care has accelerated since 2024, driven by government initiatives like the 10 Year Health Plan. This plan aims to create a unified patient record system by merging data from NHS services and adult social care providers. Adoption of digital social care records has doubled from 40% to 80% since July 2024, enabling faster care planning but raising questions about how consent is obtained for ongoing data use.
Recent legislation, including the Data Use and Access Act passed in 2025, mandates information standards for interoperability. These standards require IT systems to facilitate seamless data exchange, but they also complicate consent. For instance, vulnerable groups such as older adults or those with cognitive impairments may not fully grasp data flows involving AI monitoring or sensor technologies in homes. Families often step in to consent, yet evolving tech introductions— like robots addressing workforce shortages—can outpace initial agreements.
Real-world impacts are stark. Poor consent practices have led to increased litigation, with claims related to inadequate informing of risks costing the NHS substantial sums. In social care, where 90% of recipients now benefit from digital records, inaction on consent could delay treatments or erode trust. Deadlines loom: by 2027, NHS Online will connect patients digitally nationwide, demanding clear consent frameworks to avoid disruptions.
Non-obvious tensions emerge in balancing explicit versus assumed consent. Assumed consent might suffice for routine monitoring but falters in high-stakes scenarios, like AI-driven diagnostics. Cyber resilience adds another layer; the sector's strategy to 2030 highlights vulnerabilities in shared systems, where breaches could expose sensitive data without recourse. Stakeholders—providers, commissioners, and ethicists—grapple with these trade-offs, as innovation promises better outcomes but risks diminishing personal control.
Sources
- https://www.gov.uk/government/news/digital-revolution-in-care-saves-millions-of-admin-hours
- https://www.taylorwessing.com/en/interface/2025/predictions-2026/uk-tech-and-digital-regulatory-policy-in-2026
- https://iclg.com/practice-areas/digital-health-laws-and-regulations/united-kingdom
- https://www.digitalcarehub.co.uk/data-and-digital-integration-still-a-challenge-says-cqc-state-of-care-report
- https://www.nhsconfed.org/publications/digital-transformation-nhs-reference-guide
- https://www.brownejacobson.com/insights/technology-enabled-care-in-the-uk-legal-and-technical-developments-to-watch
- https://www.digitalregulations.innovation.nhs.uk/
- https://pmc.ncbi.nlm.nih.gov/articles/PMC11717759
- https://bmjopenquality.bmj.com/content/14/4/e003606
- https://concentric.health/news/2024-microcosting
- https://www.england.nhs.uk/long-read/interoperability
- https://www.bevanbrittan.com/insights/articles/2025/new-information-standards-for-health-social-care-understanding-the-data-use-and-access-act-2025-s-impact-on-it-providers
- https://www.digitalcarehub.co.uk/data-protection-and-cyber-security/data-protection-legislation/data-use-and-access-act-2025-briefing-for-adult-social-care-providers
- https://www.gov.uk/government/publications/adult-social-care-data-collection-september-2025-notice/adult-social-care-data-collection-september-2025-notice
- https://www.osborneclarke.com/insights/data-use-and-access-act-becomes-law-first-ever-changes-uk-gdpr
- https://www.gov.uk/government/publications/cyber-security-strategy-for-health-and-social-care-2023-to-2030/a-cyber-resilient-health-and-adult-social-care-system-in-england-cyber-security-strategy-to-2030
- https://www.careengland.org.uk/cyber-security-in-care-protecting-people-data-and-trust
- https://global.lockton.com/gb/en/news-insights/key-cyber-threats-facing-the-uk-healthcare-sector
You might also like
- Feb 23Fully Funded Cyber Support for Care Providers: What’s available and how to access it
- Feb 25Avoiding the ripple effect of a personal data breach
- Mar 3Informatics Now Winter26 Live Learning Series Session 6 of 8: Technology Ecosystem
- Mar 11People’s right to privacy vs home sensors
- Aug 5Navigating Ethical Dilemmas in the Care of Older Adults