Information Commissioner's Office
ICO opens Sandbox beta phase to enhance data protection and support innovation
The Information Commissioner’s Office (ICO) has opened the beta phase of its Sandbox, a new service designed to support organisations using personal data to develop products and services that are innovative and have demonstrable public benefit.
The beta phase of the Sandbox, which is now open to applications, will enable participants to work through how they use personal data in their projects with the ICO’s specialist staff to help ensure they comply with data protection rules. The Sandbox will also provide some comfort from enforcement action and, where feasible, increased public reassurance that innovative products and services are not in breach of data protection legislation.
The Sandbox beta phase offers a free, professional, fully functioning service for approximately 10 organisations, of varying types and sizes, across a number of sectors. The ICO will consider applications from start-ups, SMEs and large organisations, across private, public and voluntary sectors.
The ICO will assess applications on the basis of whether the product or service being developed is innovative and can provide a potential demonstrable benefit to the public. Public benefit will be determined in terms of both breadth – the amount of people benefitting – and depth – the extent to which they benefit.
The ICO expects that many of the products that will come into the Sandbox will be at the cutting edge of innovation and may be operating in particularly challenging areas of data protection where there is genuine uncertainty about what compliance looks like. As a result, Sandbox participants may become use-cases from which the ICO anticipates change and develops public guidance and resources on compliance.
Simon McDougall, Executive Director for Technology and Innovation at the ICO, said:
"Thousands of organisations are working on projects using personal data to transform the way we live and work. We want to support this innovation whilst helping ensure that the products and services under development are compliant and deliver benefits to the public.
"Our Sandbox will provide the environment that organisations need to test new concepts and technologies. The lessons we learn together may identify more fundamental questions with broader implications for data protection, and could ultimately inform the development of new guidance or codes of conduct in particular sectors to pave the way for further innovation."
Successful organisations will receive an on-site visit from a dedicated Sandbox team member, who will then work with them to devise and implement a bespoke Sandbox plan. Organisations will exit the Sandbox by September 2020 when the beta phase is planned to finish.
Applications must be submitted to email@example.com no later than noon on Friday 24 May 2019. Further details on the Sandbox, its benefits, eligibility criteria and the application process can be found via the Guide to the Sandbox on the ICO websiteor by emailing the team at firstname.lastname@example.org.
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- The establishment of a regulatory sandbox was a goal outlined in the ICO’s Technology Strategy 2018-21.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.
Latest News from
Information Commissioner's Office
Superior Style Home Improvements fined and issued with enforcement notice17/09/2019 13:20:00
The Information Commissioner’s Office (ICO) has fined a Swansea double-glazing company £150,000 for making nuisance calls.
Privacy attacks on AI models16/09/2019 13:20:00
Reuben Binns, our Research Fellow in Artificial Intelligence (AI), and Andrew Paterson, Principal Technology Adviser, discuss new security risks associated with AI, whereby the personal data of the people who the system was trained on might be revealed by the system itself.
SMOs must “prepare for all scenarios” to maintain data flows when UK leaves the EU11/09/2019 14:20:00
The ICO has urged businesses to “prepare for all scenarios” as it publishes dedicated guidance to help small and medium sized organisations prepare for the possibility that the UK leaves the European Union with no deal.
Information Commissioner’s Office issues warning about historical personal details accessed through work06/09/2019 12:25:00
An ICO investigation into the actions of two former Metropolitan Police Service (MPS) officers has concluded.
Statement on the High Court judgement on the use of live facial recognition technology by South Wales Police04/09/2019 13:25:00
An ICO spokesperson responded to the statement on the High Court judgement on the use of live facial recognition technology by South Wales Police
Data minimisation and privacy-preserving techniques in AI systems22/08/2019 12:20:00
Reuben Binns, our Research Fellow in Artificial Intelligence (AI), and Valeria Gallo, Technology Policy Adviser, discuss some of the techniques organisations can use to comply with data minimisation requirements when adopting AI systems.
Statement: Live facial recognition technology in King's Cross19/08/2019 15:25:00
Statement from Elizabeth Denham, Information Commissioner, on the use of live facial recognition technology in King's Cross, London.
Statement: Live facial recognition technology in Kings Cross16/08/2019 10:10:00
Statement from Elizabeth Denham, Information Commissioner, on the use of live facial recognition technology in Kings Cross, London.
Blog: Three top issues for town and parish councils15/08/2019 10:15:00
The advent of the GDPR in May 2018 brought new data protection obligations for many organisations. Some of this presented a challenge, particularly for smaller organisations like parish and town councils, who we saw were keen to demonstrate their compliance but needed support to achieve this.