Blog: ICO regulatory sandbox | ICO

ICO analysing initial responses to regulatory sandbox project

21 November 2018

We published a ‘call for views’ on the development of our regulatory sandbox back in September, in line with the commitment made in our Technology Strategy to consult before the end of this year.

We were keen to explore a wide range of issues, from identifying areas where data protection might be perceived as a barrier to innovation to the general scope of the sandbox and on to some more detailed questions about what mechanisms and operational approaches we should take.

We’ve had a really positive response, with nearly 70 organisations getting back to us including companies, trade associations, public authorities, third sector bodies and others. The quality of responses was really high, with lots of helpful suggestions and input, and we are grateful to all who gave their time to respond.

Our analysis of these responses sets out some key themes that emerged and provides comment from us under each of the survey sections. This starts to signpost how we expect our sandbox to develop. For example, we suggest that the sandbox is likely to be broad in scope and open to any sector and any size of organisation.

That said, we plan to make use of eligibility criteria to control entry in three main areas: innovation, public benefit and what we are at this stage calling ‘fitness to participate’. We are also planning to encourage applications in particular from those organisations that are dealing with specific data protection challenges that were flagged in responses as being central to enabling innovation.

We also take the opportunity to clarify that this will not be a sandbox in which we provide test environments, dummy data sets or software tools, and we confirm that organisations will not receive ‘certification’ for participating. Rather, this is about working collaboratively with innovators through a range of informal steers and supportive advisory mechanisms to support the dual goals of privacy and innovation. In addition, we intend to continue to explore what other mechanisms such as the ‘letters of comfort’ we described in our survey, may be feasible.

Work now continues to develop the operational processes needed to deliver the sandbox. We plan to undertake further consultation in the New Year as our operational model develops, and this will include events for organisations interested in the project which are provisionally scheduled to take place early in February 2019. Further information on these events will be published in the ICO e-newsletter on December 6 and in an update on this blog.

We remain committed to opening the sandbox, probably through a live ‘beta’ phase, later next year.

Chris Taylor, a Head of Assurance at the ICO, blogs about how organisations can help us shape our regulatory sandbox.

26 September 2018

For a year or so now, we’ve been talking about our plans to create a regulatory sandbox. A place where organisations are supported to develop innovative products and services using personal data in different ways.

It’s part of our mantra that privacy and innovation go hand in hand. It’s not privacy or innovation, it’s privacy and innovation – because organisations that use our sandbox won’t be exempt from data protection law.

They will have the chance to engage with us, take advantage of our expertise, seek our advice in mitigating risks and consult us on data protection by design. At the same time, and as you’d expect, we’ll be ensuring that appropriate protections and safeguards are in place.

But we’ve a little way to go before we start inviting organisations to get involved. A few weeks ago we launched a call for evidence; this is the first stage in the consultation process and our chance to find out your views on the feasibility, scope and demand for a sandbox. The responses we receive will then help us create a more detailed proposal for consultation.

Individuals and organisations are already getting in touch. We’ve heard from law firms, charities, digital start-ups and people who are simply interested in data rights. They’ve told us about the real benefits that provision of advice could provide, and some of the possibilities there might be. For example, for charities to innovate in the public interest or for organisations to make improvements in health and wellbeing through the safe and innovative use of public data. Perennial issues such as enhancing cyber security and app development also appear.

But we want more. We know that companies and organisations are developing innovative products and services that use personal data in innovative ways. We want to hear from you.

Data protection cuts across all sectors, so we want to hear from you if you work in health, education, the finance industry, transport, retail, the third sector, local government, police and justice . . . the list is endless.

We appreciate that different stakeholders will have different and particular areas of expertise and we’re keen to get views from as many sectors as possible.

We want to know:

  • what you think the scope of any such sandbox should be – should we focus on particular innovations, sectors or types of organisations?
  • what you think the benefits might be to working in a sandbox, whether that’s our expert input or increased reassurance for your customers or clients.
  • what mechanisms you might find most helpful in a sandbox – from adaptations to our approach, to informal steers or the provision of technical guidance – what are the tools that a sandbox might contain?
  • at what stage in the design and development process a sandbox would be most useful to you?

It’s easy to share your views with us. Just click on the link to our survey and tell us what you think.

If you want more information about the call for evidence, pleased email the team at sandbox@ico.org.uk.


  Chris Taylor

Chris Taylor is a Head of Assurance at ICO working on the development of ICO’s operational approach to Codes Of Conduct, Certification Schemes, Regulatory Sandbox and eIDAS.

 

Source

Spread the love

Related posts

Leave a Comment