Information Commissioner's Office
Blog: ICO regulatory sandbox
Work begins on creating ICO Sandbox short list as application period closes
Applications for the ICO Sandbox have now closed and we have had a fantastic response, with 64 submissions received in total.
Organisations have clearly put a good deal of thought into how they want to work with us to help ensure that their innovative projects using personal information can comply with data protection law.
Our initial analysis suggests that there are many high quality, viable applications. There was also an interesting spread of applicants from different sectors and of varying size.
So what happens now?
The sandbox team will carry out an initial triage sift process of each application, scoring them against our selection criteria, before creating a short list. This will then go before an internal assessment panel for final decisions.
We anticipate around 10 projects will be chosen for the initial beta phase of the sandbox, although this may vary slightly depending on the nature of the successful applications.
It is anticipated the successful applicants will be informed in July, when our team will work with them to draw up detailed plans for their journey through the sandbox.
So we have reached ‘the end of the beginning’ and now the real, practical work begins in earnest. However, the sandbox team would like to take this opportunity to thank all who participated in the initial discussions, round table events and conference feedback sessions and helped to inform how this exciting new project will work in practice.
Please get in touch with any Sandbox queries as deadline for applications approaches
As the deadline for applying to take part in the ICO’s Regulatory Sandbox is fast approaching, we thought this would be an opportune time to provide a quick update on progress to date and to identify any additional issues we have encountered during our recent engagement with prospective applicants.
Since we opened the beta phase of our sandbox for applications at the end of March, we have had a great response. Lots of people and organisations have contacted the dedicated sandbox team to talk things through and we had some great questions and feedback at the workshops we held at the ICO’s annual Data Protection Practitioners’ Conference in Manchester last month.
We are really keen to promote further dialogue. Our specialist staff are on hand, ready to talk to people and organisations who might be thinking of putting an application in or who are unsure about whether or not the sandbox will be right for their product or service. We can help explain the principles, the process and what is needed in more detail.
We are very excited by the potential of some of the projects being discussed with us and full, completed applications have already started coming in, which is great.
We would like to take this opportunity to remind prospective applicants that the sandbox is open to organisations of all sizes and from all sectors. They should be developing a new, innovative product or service which uses personal data and which will benefit the public, but which may have some data protection risk identified.
Applicants really need to spell out the innovation and public benefit of what they are doing. They should use straightforward language to explain why their product is something genuinely new and exciting, and how it will benefit people.
Evidence is also vital. This doesn’t need to be masses of information but if an application is supported by a claim regarding the problem the product or service seeks to solve, its unique nature or its potential benefit to the public, then there should information to back this up. The application should then join the dots and spell out how your innovation will address this.
So don’t be scared to email us in first instance at firstname.lastname@example.org or pick up the phone if you have already engaged with us. Early and direct engagement with the sandbox team can clear up any grey areas and will invariably lead to a stronger application. And that will lead to a potentially much better outcome for everyone concerned – the organisation, the ICO and, ultimately, the UK public.
The deadline for applications is noon on Friday 24 May.
Latest News from
Information Commissioner's Office
Former motor industry worker ordered to pay £25,500 from proceeds of data theft18/07/2019 11:32:00
A motor industry employee who was sentenced to six months in prison in November 2018 for accessing personal data without permission, has been ordered to pay a £25,500 confiscation order in a case brought by the Information Commissioner’s Office (ICO).
Speech: The future of online advertising regulation12/07/2019 13:47:00
Simon McDougall, Executive Director for Technology Policy and Innovation’s speech at the Westminster Media Forum Keynote Seminar: The future of online advertising regulation.
Statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach10/07/2019 12:20:00
Statement given yesterday in response to Marriott International, Inc’s filing with the US Securities and Exchange Commission that the Information Commissioner's Office (ICO) intends to fine it for breaches of data protection law.
Blog: Live facial recognition technology - data protection law applies10/07/2019 09:10:00
Blog posted by: Elizabeth Denham, Information Commissioner, 09 July 2019.
ICO publishes annual report covering an ‘unprecedented’ year09/07/2019 15:51:00
The public has woken up to the potential of their personal data, the Information Commissioner has said as the ICO’s annual report for 2018-19 was published today. Elizabeth Denham also said it covered an ‘unprecedented’ year for the regulator.
ICO statement: Intention to fine British Airways £183.39m under GDPR for data breach08/07/2019 13:10:00
Following an extensive investigation the ICO has issued a notice of its intention to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).
Blog: Cookies – what does ‘good’ look like?04/07/2019 12:25:00
Blog posted by: Ali Shah, Head of Technology Policy, 03 July 2019.
Former company director believed to have profited by more than £1.4 million after selling personal data illegally01/07/2019 12:25:00
A former company director found guilty of illegally obtaining people’s personal data and selling it to solicitors chasing personal injury claims, has been fined for breaches of data protection and issued with a confiscation order under the Proceeds of Crime Act 2002.
ICO searches Liverpool addresses as part of investigation into suspected illegal acquisition and sale of personal data28/06/2019 15:20:00
The Information Commissioner’s Office (ICO) yesterday (27 June) searched two addresses in Liverpool, as part of an ongoing investigation into the acquisition and sale of illegally obtained personal data.