New film sets out how organisations can benefit from ICO Sandbox

We have had an excellent response since opening our ICO regulatory sandbox Intention to Apply Survey last month – but we still want to hear from more of you.

Many organisations have already let us know they would like the ICO’s help in ensuring that their new, innovative products and services comply with data protection law.

We know there are many more – particularly large companies, and organisations from the public and third sectors – that are planning to apply to take part in the Sandbox but have yet to let us know.

We would appreciate you taking the time to fill out the survey so we can plan our processes and resources accordingly and ensure the sandbox works as effectively as possible for everyone.

Our recent Sandbox workshop in London was a huge success and we are grateful to all who attended. Their contributions were invaluable and we had some excellent feedback and suggestions.

Depending on your organisation’s network policies, you may be unable to view the video on this page. In this case, please access the page on a non-network device.

We made a short film about the event (above) so you can hear from ICO staff and delegates how taking part in the sandbox can be of real benefit your organisation, giving you free, expert advice and support from the regulator throughout the process of developing your new product or service. 

You can also find out more by reading our Discussion Paper, which sets out how we envisage the sandbox will work in practice, or by emailing our team at sandbox@ico.org.uk

Discussion Paper and Intention to Apply Survey

30 January 2019

In November we published an analysis of the call for views on our proposed regulatory sandbox. Since then, we have continued to develop the systems and processes necessary to launch a fully functioning beta phase of our sandbox, with the aim of opening for applications at the end of April.

We’ve had lots of questions about how our sandbox might work in practice and we know that organisations will be considering whether an application will be right for them.

With that in mind, we have published our sandbox discussion paper which explains to potential participants how we see the sandbox working in practice. The paper sets out our thinking so far - from early engagement through to application, sandbox entry and, ultimately, exit.

The paper will form part of the discussion at our sandbox workshop event in London on 6 February. This event is now fully booked but we would still welcome feedback on the project, including from any potential sandbox participants. We’ve included discussion questions throughout the paper and are asking people to send their views to sandbox@ico.org.uk.

To help us plan our resources and build the sandbox appropriately, we are also now opening our ’Intention to apply’ survey. This will enable organisations to tell us in advance about any product or service that they might consider entering into the sandbox.

It is not an application – the full formal process will open later in the year – but will give us more of an idea about the numbers and types of formal applications we are likely to receive.

The survey will remain open until we open for applications and is entirely voluntary and non-binding. Click here to access the survey.

The sandbox is open to all sectors and all sizes of organisation, so whether public, private or third sector, a tech start-up or an innovation hub at a large established company or Government body, please do get in touch if you plan to use personal data in a new and innovative way.

View a video of Chris Taylor from the ICO discussing the latest on the regulatory sandbox.

Date announced for consultation workshop

5 December 2018

Following our call for evidence and analysis of the submissions we received, work on the ICO Regulatory Sandbox continues with an event in the New Year to gather more detailed evidence, ideas and opinions.

The consultation workshop will take place on 6 February 2019 in London and we are now accepting expressions of interest in attending.

We are keen to get participation from innovators working with personal data and who might want to make use of our Sandbox, whether in the private, public or third sectors.

If you feel you are qualified to make a positive contribution to this event, either because you would like to take part in the Sandbox when it opens, or you represent those who do, please contact us on sandbox@ico.org.uk.

ICO analysing initial responses to regulatory sandbox project

21 November 2018

We published a ‘call for views’ on the development of our regulatory sandbox back in September, in line with the commitment made in our Technology Strategy to consult before the end of this year.

We were keen to explore a wide range of issues, from identifying areas where data protection might be perceived as a barrier to innovation to the general scope of the sandbox and on to some more detailed questions about what mechanisms and operational approaches we should take.

We’ve had a really positive response, with nearly 70 organisations getting back to us including companies, trade associations, public authorities, third sector bodies and others. The quality of responses was really high, with lots of helpful suggestions and input, and we are grateful to all who gave their time to respond.

Our analysis of these responses sets out some key themes that emerged and provides comment from us under each of the survey sections. This starts to signpost how we expect our sandbox to develop. For example, we suggest that the sandbox is likely to be broad in scope and open to any sector and any size of organisation.

That said, we plan to make use of eligibility criteria to control entry in three main areas: innovation, public benefit and what we are at this stage calling ‘fitness to participate’. We are also planning to encourage applications in particular from those organisations that are dealing with specific data protection challenges that were flagged in responses as being central to enabling innovation.

We also take the opportunity to clarify that this will not be a sandbox in which we provide test environments, dummy data sets or software tools, and we confirm that organisations will not receive ‘certification’ for participating. Rather, this is about working collaboratively with innovators through a range of informal steers and supportive advisory mechanisms to support the dual goals of privacy and innovation. In addition, we intend to continue to explore what other mechanisms such as the ‘letters of comfort’ we described in our survey, may be feasible.

Work now continues to develop the operational processes needed to deliver the sandbox. We plan to undertake further consultation in the New Year as our operational model develops, and this will include events for organisations interested in the project which are provisionally scheduled to take place early in February 2019. Further information on these events will be published in the ICO e-newsletter on December 6 and in an update on this blog.

We remain committed to opening the sandbox, probably through a live ‘beta’ phase, later next year.

Chris Taylor, a Head of Assurance at the ICO, blogs about how organisations can help us shape our regulatory sandbox.

26 September 2018

For a year or so now, we’ve been talking about our plans to create a regulatory sandbox. A place where organisations are supported to develop innovative products and services using personal data in different ways.

It’s part of our mantra that privacy and innovation go hand in hand. It’s not privacy or innovation, it’s privacy and innovation – because organisations that use our sandbox won’t be exempt from data protection law.

They will have the chance to engage with us, take advantage of our expertise, seek our advice in mitigating risks and consult us on data protection by design. At the same time, and as you’d expect, we’ll be ensuring that appropriate protections and safeguards are in place.

But we’ve a little way to go before we start inviting organisations to get involved. A few weeks ago we launched a call for evidence; this is the first stage in the consultation process and our chance to find out your views on the feasibility, scope and demand for a sandbox. The responses we receive will then help us create a more detailed proposal for consultation.

Individuals and organisations are already getting in touch. We’ve heard from law firms, charities, digital start-ups and people who are simply interested in data rights. They’ve told us about the real benefits that provision of advice could provide, and some of the possibilities there might be. For example, for charities to innovate in the public interest or for organisations to make improvements in health and wellbeing through the safe and innovative use of public data. Perennial issues such as enhancing cyber security and app development also appear.

But we want more. We know that companies and organisations are developing innovative products and services that use personal data in innovative ways. We want to hear from you.

Data protection cuts across all sectors, so we want to hear from you if you work in health, education, the finance industry, transport, retail, the third sector, local government, police and justice . . . the list is endless.

We appreciate that different stakeholders will have different and particular areas of expertise and we’re keen to get views from as many sectors as possible.

We want to know:

  • what you think the scope of any such sandbox should be - should we focus on particular innovations, sectors or types of organisations?
  • what you think the benefits might be to working in a sandbox, whether that’s our expert input or increased reassurance for your customers or clients.
  • what mechanisms you might find most helpful in a sandbox – from adaptations to our approach, to informal steers or the provision of technical guidance – what are the tools that a sandbox might contain?
  • at what stage in the design and development process a sandbox would be most useful to you?

It’s easy to share your views with us. Just click on the link to our survey and tell us what you think.

If you want more information about the call for evidence, pleased email the team at sandbox@ico.org.uk.

  Chris Taylor

Chris Taylor is a Head of Assurance at ICO working on the development of ICO's operational approach to Codes Of Conduct, Certification Schemes, Regulatory Sandbox and eIDAS.