The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

NHS Digital

Exit date: December 2020

NHS Digital's original Sandbox plan objectives were to explore the development of a central consent mechanism through which individuals could agree to share their health data for purposes beyond their direct care and treatment, such as research.

However, as the pandemic became a priority, the project was re-scoped in June 2020 to focus on the delivery of a mechanism to support the COVID-19 vaccine trials.

The ICO Sandbox provided support to NHS Digital whilst developing the PtC user journey, drafting of the data protection impact assessment (DPIA) to identify any risks posed by the processing, and the user privacy notice.

Read their exit report.

Future Flow Research Inc

Exit date: November 2020

Future Flow Research Inc provides an analytics platform which monitors the flow of funds in the financial system with the potential to combat financial crime. The platform enables financial institutions to contribute pseudonymised transactional data in bulk, enabling multiple financial institutions, Regulators, and agencies to work together to detect and ultimately tackle electronic financial crime.

This collaborative approach to fighting financial crime opens up the prospect of higher detection rates with lower false positives, while reducing the burden of scrutiny on each individual and business consumer.

Read their exit report.

Onfido Limited

Exit date: November 2020

Onfido Limited has worked in the Sandbox to identify and mitigate bias present in the biometric identity verification technology it designed to enable its clients to prove that their customers are who they claim to be.

For example, a financial institution would likely use the technology to prove the identity of a customer who wants to open a bank account. That customer will be asked to provide a digital photo of their identity document and a selfie taken using a mobile phone or other device.

Onfido will then analyse those images to determine the likelihood that the identity document is genuine; and the face in the selfie matches the face in the identity document, and that the selfie image does not display evidence of signs of fraud or facial spoofing. If the identity verification check is successful, the customer will be able continue with the rest of the process. Onfido’s work in the Sandbox ensures that its product is fair and inclusive for all users undergoing identity verifications.

Read their exit report

Heathrow Airport Limited

Exit date: July 2020

Heathrow Airport’s Automation of the Passenger Journey programme aimed to streamline the passenger journey by using biometrics. Facial recognition technology would be offered at check-in, self-service bag drops and boarding gates to create a seamless experience for passengers travelling through the airport. Passengers would no longer have to present different forms of documentation, such as boarding cards and passports, at different points in their journey to prove their identity and show that they are authorised to travel.

Read their exit report

JISC – Wellbeing Code of Practice

Exit date: July 2020

JISC is a not-for-profit organisation serving the higher and further education and skills sectors. It champions the importance and potential of digital technologies for UK education and research.

Within the sandbox, JISC has developed a Wellbeing Code of Practice with universities and colleges who want to investigate the use of student activity data to improve their provision of student support services, helping them protect both their privacy and wellbeing.

It shows that good data protection can enable higher education providers to provide their duty of care to students by using the resources and data they already have available to them.

Read their exit report