ICO kicks off sandbox beta to support innovation

The Information Commissioner’s Office (ICO) has announced the start of the beta phase of its Sandbox service to help organisations using personal data to develop products and services that are innovative and have a public benefit.

The service is a key initiative by the ICO as part of the organisation’s pledge to support business innovation and to help ensure developers of tech and digital services do not lose society’s trust.

The Sandbox is designed to enable participants to work through how they use personal data in their projects with the ICO’s support to ensure they comply with data protection rules.

According to the ICO, the service will also provide “some comfort from enforcement action” and, where feasible, increase public confidence that innovative products and services comply with data protection legislation.

The ICO expects applications from organisations working at the cutting edge of innovation that may be operating in particularly challenging areas of data protection and aims to remove any uncertainty about how to remain compliant with data protection laws.

The beta phase is open to applications from up to 10 organisations of varying sizes from startups to large organisations and across the public, private and voluntary sectors.

The ICO will assess applications on the basis of whether the product or service being developed is innovative and can provide “a potential demonstrable benefit” to the public. Public benefit will be determined in terms of how many people will benefit and the extent to which they benefit.

In the longer term, the ICO expects Sandbox participants to become use-cases that will enable the ICO to anticipate change and develops public guidance and resources on compliance.

“Thousands of organisations are working on projects using personal data to transform the way we live and work. We want to support this innovation whilst helping ensure that the products and services under development are compliant and deliver benefits to the public,” said Simon McDougall, executive director for technology and innovation at the ICO.

“Our Sandbox will provide the environment that organisations need to test new concepts and technologies. The lessons we learn together may identify more fundamental questions with broader implications for data protection, and could ultimately inform the development of new guidance or codes of conduct in particular sectors to pave the way for further innovation.”

At the recent IAPP Data Protection Intensive 2019 in London, McDougall warned that the “battle for trust” is currently being lost, with a growing number of people in society becoming unwilling to trust businesses, organisations and innovators with new things.

“The reason we are losing this battle is that every time we create something cool, we are not bringing people along with us, and so they are not keeping up and this trust deficit just continues to widen,” he said.

According to McDougall, privacy professionals need to work out how to engage with people on questions around innovation. “Otherwise, we are going to risk building this trust deficit to unmanageable proportions,” he said.

Successful ICO Sandbox applicants will receive an on-site visit from a dedicated Sandbox team member, who will work with them to devise and implement a bespoke Sandbox plan. Organisations will exit the Sandbox by in September 2020 when the beta phase is planned to finish.

Applications must be submitted to [email protected] no later than noon on Friday 24 May 2019. Further details on the Sandbox are available on the ICO’s website or from the Sandbox team.

In addition to the Sandbox, the ICO is proactively engaging with technology developers to support innovation by:

• Providing research grants.
• Publishing guidance on new technologies.
• Supporting efforts to develop an age-appropriate design code for online service providers.
• Looking for ways to explain how artificial intelligence (AI) decisions work in a way that the average person will understand.
• Setting up an AI regulators group.
• Building an AI audit framework to set guidelines for good practice for developing and building AI technology.

In announcing McDougall’s appointment in August 2018, information commissioner Elizabeth Denham said the ICO has ambitious plans for its work in the “crucial” area of technology and to ensure the ICO is “innovative” regulator, open to new ideas and new ways of doing things.