Projects supporting the privacy of homeless people and issues around the use of genomic information in healthcare are among the latest recipients of funding from the ICO Grants Programme.
The successful applicants for the programme’s second round of grants also include research into data protection in ‘smart’ homes and the use of public sector data by researchers.
The ICO Grants Programme was launched by the Information Commissioner’s Office in 2017 and aims to support independent, innovative research into practical products and solutions which benefit the UK public by tackling significant new areas of data protection and privacy risk.
Elizabeth Denham, Information Commissioner, said:
“The ICO Grants Programme is a key part of our Technology Strategy and a further demonstration of our commitment to being a relevant, capable and collaborative regulator which has an eye on the future as well as fulfilling our regulatory duties in the present.
“Along with the first grants recipients, these latest projects will help us to identify and address new threats and opportunities while supporting new and innovative ways of thinking about data protection and privacy.”
The inaugural 2017-18 Grants Programme recipients will be discussing their projects at the ICO’s annual Data Protection Practitioners' Conference (DPPC), which takes place at Manchester Central on Monday 8 April. A short film about their progress will also be broadcast.
More than 800 delegates and exhibitors will attend the conference, with a packed programme of speeches, panel discussions, workshops and information sessions hosted by ICO and external data protection experts.
The main sessions will be livestreamed.
The winner of the second annual ICO Practitioner Award for Excellence in Data Protection will also be announced at the event.
The conference will end with a Q&A session with Ms Denham and the ICO’s executive team. She added:
“This is our first DPPC of the GDPR era and the new data protection law is almost a year old now, so it promises to be even more fascinating than ever.
“In particular, we will be keen to discuss how important the GDPR’s accountability requirement is to embedding data protection into the culture and fabric of an organisation.”
Sessions from the DPPC will be streamed live via the ICO website from 9.50am on Monday. Ms Denham’s speech will be available on the ICO website at 10.30am.
2018-19 Grants Programme recipients (subject to contract agreement)
Connection at St Martin’s in the Field: ‘Data Rights Inclusion for Homeless People’ - £21,197
Connection’s project will engage with homeless people in London to better understand their knowledge and awareness about how their personal information is used. It will provide an effective means of informing homeless people of their data rights and how to enforce them, as well as creating an outreach process that can be taken up by other organisations.
Oxford University: ‘Informing the Future of Data Protection by Design and by Default in Smart Homes’ - £81,290.46
Building on previous research, the project will conduct a study of six smart homes to study current privacy preferences and to prototype new tools, interfaces, and approaches to smart home privacy. The project team will also work with designers, product teams and compliance officers to understand how these alternative design approaches might be integrated into their processes and to disseminate the resulting best practices.
PHG Foundation: ‘The Impact of GDPR and DPA2018 on Regulating Genomic Technologies in Healthcare’ - £72,924
PHG’s project centres on researching the nature of pseudonymised genomic data, its function as personal data under GDPR, uses in medical research and how any potential associated risks may be mitigated. The team will undertake public engagement after a report on their initial findings is published.
Cardiff University: ‘Developing scalable training for UK researchers in the use of routine public sector data informed by public and professional stakeholders’ - £99,804
The project will develop a training programme for researchers working with a wide range of routine public sector data. This will be achieved through a survey of researchers who currently use routine data and also those who may do so in the future, discussion groups with UK data providers and a series of workshops with members of the public to explore their understanding of research that uses such data.
Notes to Editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and Privacy and Electronic Communications Regulations 2003 (PECR).
- The General Data Protection Regulation (GDPR) is a new data protection law which applied in the UK from 25 May 2018. Its provisions are included in the Data Protection Act 2018. The Act also includes measures related to wider data protection reforms in areas not covered by the GDPR, such as law enforcement and security. The UK’s decision to leave the EU did not affect the commencement of the GDPR.
- The data protection principles in the GDPR evolved from the original DPA, and set out the main responsibilities for organisations. Article 5 of the GDPR requires that personal data shall be:
  - Processed lawfully, fairly and in a transparent manner in relation to individuals;
  - Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  - Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  - Accurate and, where necessary, kept up to date;
  - Kept in a form which permits identification of data subjects for no longer than is necessary; and
  - Processed using appropriate technical or organisational measures in a manner that ensures appropriate security of the personal data.
- Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
- Civil Monetary Penalties (CMPs) under past and current law are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
- To report a concern to the ICO go to ico.org.uk/concerns