The ICO is re-opening the regulatory sandbox, its free service, designed to support organisations using personal data to develop innovative products and services.
The regulator is accepting applications from all types of organisations from start-ups, SMEs and large organisations, across private, public and voluntary sectors.
This year the projects submitted should focus on one of two themes, children’s privacy or data sharing. The projects should be at the cutting edge of innovation and may be operating in particularly challenging areas of data protection, where there is genuine uncertainty about what compliance looks like.
The ICO is particularly interested in hearing from innovators concentrating on the issues posed by the implementation of our Age Appropriate Design Code or those developing products and services that support complex data sharing in the public interest. More information can be found here.
The regulatory sandbox enables organisations to work through how they use personal data in their projects with the ICO’s specialist staff to help ensure they comply with data protection rules. It also provides organisations with reassurance from enforcement action, where feasible, and increased public trust that innovative products and services are not in breach of data protection legislation.
Ian Hulme, Director of Regulatory Assurance said:
“We are looking for viable projects from all sizes of organisations that have the potential to be transformative, and which will bring real public benefit.
“Protecting children’s privacy online is a high priority for the ICO. Ultimately the regulatory sandbox aims to support innovators to improve confidence amongst children, young people and their parents and carers that their personal information is being properly protected when they are online.
“On data sharing our aim is to promote and enable confident, responsible and lawful data sharing in the wider public interest. In particular, the regulatory sandbox aims to help demonstrate that data protection legislation is not a barrier to proportionate sharing of personal data.”
Organisations are being invited to make an initial expression of interest. The recruitment process has been improved so organisations can register their interest and the ICO will support with the full application. Further details can be found here.
The regulatory sandbox has limited capacity and expressions of interest will be considered on a first come first served basis. There are currently only around five spaces available and once filled, other successful applicants may be placed on a waiting list.
The ICO introduced the beta service last year and ten organisations have so far had the opportunity to engage with the ICO; draw upon its expertise and advice on mitigating risks and ‘data protection by design’, whilst ensuring that appropriate protections and safeguards are in place. The ICO also recently blogged about and published two outcome reports with others set to follow.
If you have any queries contact [email protected].
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- The establishment of a regulatory sandbox was a goal outlined in the ICO’s Technology Strategy 2018-21.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.