Information Commissioner's Office
Blog: Privacy and Innovation – lessons learnt from the FCA TechSprint
Blog posted by: Simon McDougall – Executive Director – Technology and Innovation, 16 October 2019.
I’ve found there’s often a misconception that regulation seeks to stifle innovation and that the role of regulators is to add layers of red tape. For me, that is simply not true. The ICO has said time and again, it’s not a case of privacy or innovation - it’s privacy and innovation.
A few weeks ago, I was lucky enough to be a judge at the Financial Conduct Authority’s TechSprint. The event was a brilliant example of exactly how privacy and innovation can work together in practice.
The TechSprint brought together teams from all over the world to focus on how Privacy Enhancing Technologies (PETs) can help financial institutions to share data in order to prevent money laundering, while still meeting their confidentiality and privacy obligations.
It was an excellent opportunity for my colleagues from the ICO’s Regulators’ Business Innovation Privacy Hub (The Hub) and myself to look at real deployments of PETs. The creation of the Hub was enabled by a grant from the Regulators’ Pioneer Fund, set up by the Department for Business, Energy and Industrial Strategy. We were also on hand to offer attendees advice on the data protection implications of implementing these technologies and there were three key issues, which were common to many of the teams.
- Think privacy from the outset
Many of the organisations focused on the solution and then tried to work out how they could make it compliant. This created extra work to backtrack and rebuild their products with privacy in mind. It’s absolutely key to think of data protection as a core building block of design and not a bolt-on.
- PETs are a piece of the puzzle, not the finished product
When teams were looking for a data protection solution, it became clear there was a misunderstanding that PETs alone can solve all GDPR compliance issues. They are just one part of the puzzle and it’s important that you’re not over reliant on them. Think about what data protection issues you’re trying to solve and don’t assume that PETs will automatically solve them.
- Collaboration is key
The TechSprint brought so many people together from a wide range of sectors and backgrounds. Seeing them consider and create together was incredibly rewarding. It demonstrated that successful teams must listen to a variety of voices, both from within your organisation and externally.
The Hub team is part of the ICO’s Technology and Innovation Directorate and funded by the Department for Business, Energy and Industrial Strategy’s Regulators’ Pioneer fund. The Hub’s focus is embedding information rights in the work of all UK regulators. This can involve:
- collaborating with regulators;
- assisting businesses involved in regulatory innovation programmes; or
- helping regulators make sure data protection is considered at the very beginning of any new project.
The Hub team has been working with a variety of sectors, from utilities to legal services and we are really interested to see how the ICO can work with other regulators - enabling them to try new things, with the reassurance that we can guide and advise them on how to mitigate data protection risk.
If your organisation is already working with your own industry’s regulator and think that the Hub could help support you with compliance, then please get in touch by emailing email@example.com.
Simon McDougall is Executive Director for Technology Policy and Innovation at the ICO where he is developing an approach to addressing new technological and online harms. He is particularly focused on artificial intelligence and data ethics.
He is also responsible for the development of a framework for auditing the use of personal data in machine learning algorithms.
Latest News from
Information Commissioner's Office
Blog: Why special category personal data needs to be handled even more carefully15/11/2019 09:10:00
Blog posted by: Ian Hulme, Director for Regulatory Assurance, 14 November 2019.
ICO call for views on the application for powers under the Proceeds of Crime Act11/11/2019 09:10:00
The Information Commissioner invites views on her office being granted access to investigation and other associated powers under the Proceeds of Crime Act 2002 (POCA).
Information Commissioner reminds political parties they must comply with the law ahead of General Election06/11/2019 09:10:00
The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning.
Blog: Live facial recognition technology – police forces need to slow down and justify its use31/10/2019 13:10:00
Blog posted by: Elizabeth Denham, Information Commissioner, 31 October 2019.
Statement on an agreement reached between Facebook and the ICO30/10/2019 15:10:00
In 2017 the Information Commissioner's Office ("ICO") commenced a formal investigation into the misuse of personal data in political campaigns.
Blog: Embedding accountability – we want to hear from you29/10/2019 13:20:00
Blog posted by: Ian Hulme, Director for Regulatory Assurance, 28 October 2019.
AI Auditing Framework Call for Input: final considerations and next steps29/10/2019 09:10:00
As the initial Call for Input into the development of the ICO AI Auditing Framework comes to an end, Simon McDougall, Executive Director for Technology and Innovation, reflects on some of the overarching themes that have emerged in the first phase of our work.
Data Protection Impact Assessments and AI24/10/2019 10:20:00
Simon Reader, Senior Policy Officer, discusses some of the key considerations for organisations undertaking data protection impact assessments for Artificial Intelligence (AI) systems.