Blog: ICO regulatory sandbox

28 May 2019 04:07 PM

Work begins on creating ICO Sandbox short list as application period closes

Applications for the ICO Sandbox have now closed and we have had a fantastic response, with 64 submissions received in total.

Organisations have clearly put a good deal of thought into how they want to work with us to help ensure that their innovative projects using personal information can comply with data protection law.

Our initial analysis suggests that there are many high quality, viable applications. There was also an interesting spread of applicants from different sectors and of varying size.

So what happens now?

The sandbox team will carry out an initial triage sift process of each application, scoring them against our selection criteria, before creating a short list. This will then go before an internal assessment panel for final decisions.

We anticipate around 10 projects will be chosen for the initial beta phase of the sandbox, although this may vary slightly depending on the nature of the successful applications.

It is anticipated the successful applicants will be informed in July, when our team will work with them to draw up detailed plans for their journey through the sandbox.

So we have reached ‘the end of the beginning’ and now the real, practical work begins in earnest. However, the sandbox team would like to take this opportunity to thank all who participated in the initial discussions, round table events and conference feedback sessions and helped to inform how this exciting new project will work in practice.

Please get in touch with any Sandbox queries as deadline for applications approaches

As the deadline for applying to take part in the ICO’s Regulatory Sandbox is fast approaching, we thought this would be an opportune time to provide a quick update on progress to date and to identify any additional issues we have encountered during our recent engagement with prospective applicants.

Since we opened the beta phase of our sandbox for applications at the end of March, we have had a great response. Lots of people and organisations have contacted the dedicated sandbox team to talk things through and we had some great questions and feedback at the workshops we held at the ICO’s annual Data Protection Practitioners’ Conference in Manchester last month.

We are really keen to promote further dialogue. Our specialist staff are on hand, ready to talk to people and organisations who might be thinking of putting an application in or who are unsure about whether or not the sandbox will be right for their product or service. We can help explain the principles, the process and what is needed in more detail.

We are very excited by the potential of some of the projects being discussed with us and full, completed applications have already started coming in, which is great.

We would like to take this opportunity to remind prospective applicants that the sandbox is open to organisations of all sizes and from all sectors. They should be developing a new, innovative product or service which uses personal data and which will benefit the public, but which may have some data protection risk identified.

Applicants really need to spell out the innovation and public benefit of what they are doing. They should use straightforward language to explain why their product is something genuinely new and exciting, and how it will benefit people.

Evidence is also vital. This doesn’t need to be masses of information but if an application is supported by a claim regarding the problem the product or service seeks to solve, its unique nature or its potential benefit to the public, then there should information to back this up. The application should then join the dots and spell out how your innovation will address this.

So don’t be scared to email us in first instance at sandbox@ico.org.uk or pick up the phone if you have already engaged with us. Early and direct engagement with the sandbox team can clear up any grey areas and will invariably lead to a stronger application. And that will lead to a potentially much better outcome for everyone concerned – the organisation, the ICO and, ultimately, the UK public.

The deadline for applications is noon on Friday 24 May.

Click here for the full blog post