The ICO exists to empower you through information.

Department for Education – Education Credential

The Department for Education is responsible for children’s services and education in England, we intend to use the concepts of decentralised identity and verified credentials to allow post-16 students within the English education system to access, control and use their own personal data when applying and enrolling into further education organisations, via the use of an education credential.

The Department for Education has carried out research that demonstrates that the process of applying for and enrolling upon a course is not as simple as it can be, for the individual students themselves, as well as for the further education organisations. The use of an education credential should make the transition and enrolment process easier for both parties in a number of different ways.

The Department for Education is entering the ICO sandbox in order to ensure that the concept of privacy by design is applied to the development of the education credential, to understand and consider a number of challenges posed by the use of such a credential, and to demonstrate its commitment to placing data protection and privacy at the heart of its use of a novel and emerging technology.

Taking part in the regulatory sandbox will allow the Department for Education to approach and explore some key data protection and privacy areas with the support and engagement of the ICOs expertise and advice, to ensure that the privacy of users of the education credential is maintained at all times. Whilst clearly defining the roles and responsibilities of the number of different parties involved in the credential’s lifecycle.

The Department for Education believes that participation in the sandbox will significantly contribute to the development of a service that will be of real value to the public.

Entered: November 2023

Financial Institutions - facilitated by the Home Office and UK Finance

While current financial crime legislation means that Financial Institutions are able to share some information for the purpose of addressing financial crime risk, there are limitations. This can make it difficult to share data in some situations and difficult to address some specific money laundering typologies. The Participating Banks are currently exploring the legal framework and practicalities of sharing information, with the intention of sharing data on customers that pose the highest financial crime risk. This provides other Participating Banks with the ability to identify information relating to potential financial crime risk presented by their customers, or potential customers, that they would have otherwise not known.

The pilot is being facilitated by the Home Office and UK Finance, with a technology platform being provided by a secure third-party provider. Information sharing will be conducted by nine Participating Banks, however, the list of participants may change throughout the life of the pilot.

The participating organisations look forward to working with the ICO to explore how information sharing can be undertaken under UK GDPR, with appropriate data privacy mitigations. The overall effectiveness of such information sharing will also be assessed, and outcomes used to make recommendations for future implementation.

Entered: February 2022