We are happy to announce that the Information Commissioner’s Office has selected the first 10 projects which will participate in the beta phase of the ICO Sandbox. Submitted by organisations from a broad range of sectors and sizes, these products and services met the selection criteria of being genuinely innovative and viable, with the potential for delivering real benefit to the UK public.
Elizabeth Denham, Information Commissioner, said:
“The ICO supports innovation in technology and exciting new uses of data, while ensuring that people’s privacy and legal rights are protected. We have always said that privacy and innovation are not mutually exclusive and there doesn’t need to be an either-or choice between the two.
“The sandbox will help companies and public bodies deliver new products and services of real benefit to the public, with assurance that they have tackled built-in data protection at the outset.
“Engaging with businesses and innovators in the sandbox is also a valuable exercise in horizon scanning - the ICO can identify new developments in technology and innovation and the potential opportunities and challenges they may provide.”
Sandbox - Statements of participation
FutureFlow is a RegTech start-up designing a Forensic Analytics platform that monitors the flow of funds in the financial system. Its platform enables multiple financial institutions, regulators and agencies to leverage each other’s intelligence on Electronic Financial Crime without heavy reliance on Personally Identifying Information. This collaborative approach to tackling financial crime opens the prospect of higher detection rates with lower false positives, while reducing the burden of scrutiny on each individual and business consumer.
Greater London Authority
In order to reduce levels of violence in London, the Mayor has set up a Violence Reduction Unit (VRU) which is taking a public health approach to this issue. As part of this work, the VRU needs to better understand how public health and social services can be managed to prevent and reduce crime, with a focus on early intervention. There is increasing interest from the VRU, the Mayor’s Office of Policing and Crime (MOPAC) and the Greater London Authority (GLA), for health, social and crime data to be looked at in an integrated and collaborative way.
Heathrow Airport Ltd
Heathrow Airport’s Automation of the Passenger Journey programme aims to streamline the passenger journey by using biometrics. Facial recognition technology would be used at check-in, self-service bag drops and boarding gates to create a seamless experience for passengers travelling through the airport. Current processes require passengers to present different forms of documentation, such as boarding cards and passports, at different points in their journey to prove their identity and show that they are authorised to travel. By offering passengers the option of using facial recognition technology they would have the choice to enjoy a frictionless journey through the airport.
Jisc is developing a Code of Practice with universities and colleges wishing to investigate the use of student activity data to improve their provision of student support services. This will help them protect both privacy and wellbeing.
The Ministry of Housing Communities and Local Government
The Ministry of Housing, Communities and Local Government's project partners with Blackpool Council and the Department of Work and Pensions, and seeks to match personal information controlled by multiple parties in order to create a dataset that will allow MHCLG to understand more about the private rented sector in Blackpool, who lives there, and how we can help improve the quality of properties.
NHS Digital is working on the design and development of a central mechanism for collecting and managing patient consents for the sharing of their healthcare data for secondary use purposes, including medical research and regulated clinical trials.
Novartis Pharmaceuticals UK Limited
Novartis is exploring the use of voice technology within healthcare. Through its Voice Enabled Solutions project, Novartis is working with healthcare professionals to design solutions to make patient care easier, and addressing the data privacy challenges posed by this emerging technology.
Onfido will research how to identify and mitigate algorithmic bias in machine learning models used for remote biometric-based identity verification
The Galileo Programme was launched in 2017 and is jointly sponsored by the National Police Chiefs’ Council and Highways England. Galileo’s primary focus is on the ethical use of innovative data analytics technology to improve road safety while also preventing and detecting crime.
TrustElevate provides secure authentication and authorisation for under- 16s. TrustElevate is the first company globally to provide verified parental consent and age checking of a child. It is working to enable companies to comply with regulatory requirements, and to make the Internet a safer environment for children, facilitating a more robust digital ecosystem and economy.
The ICO introduced the Sandbox service to support organisations who are developing products and services that use personal data in innovative and safe ways.
Organisations have had the opportunity to engage with us; draw upon our expertise and advice on mitigating risks and ‘data protection by design’, whilst ensuring that appropriate protections and safeguards are in place.
In order to develop the Sandbox, the ICO launched the beta phase for a sample of participant organisations to try out the service.
The beta phase will provide a free, professional, fully functioning service for approximately ten organisations, of varying types and sizes, across a number of sectors.
The beta phase comprises:
- Application period: 29 March - 24 May (submission deadline)
- Selection period: May - July
- Planning and operational period: July 2019 - September 2020
There are a number of benefits to your organisation participating in the Sandbox. These may include:
- access to ICO expertise and support;
- enhanced confidence in the compliance of your finished product or service;
- a better understanding of the data protection frameworks and how these effect your business;
- being seen as accountable and proactive in your approach to data protection, by customers, peer-organisations and the ICO, leading to increased consumer trust in your organisation;
- supporting the UK in its ambition to be an innovative economy; and
- contributing to the development of products and services that can be shown to be of value to the public.
Frequently asked questions
Will the ICO provide us with a hosted environment to conduct our work in?
No, we will not be hosting environments as part of the Sandbox beta phase. You will be responsible for providing your own IT infrastructure.
Will the ICO assist us to procure data?
No, we are unable to advise you about where or how to procure data. Nor are we able to provide any funding to assist you in procuring data.
Will we be able to use real customer (live) data or can we use created/stimulated (dummy) data for testing?
You may use either live or dummy data to test your products so long as they are compliant with data protection law. Using dummy data may be preferable as it does not carry any risk to data subjects. If you are processing live data, you will need to complete a DPIA beforehand if it is likely to result in a high risk to the data subject. We will not be providing live or dummy data and therefore we expect you to source your own data for testing.
Will the ICO deal with other regulators on our behalf?
We will not deal with other regulators on your behalf. However, if your proposed product or service is subject to other regulations, we ask that you notify us about this in your application. We may ask you to provide evidence about how the product or service complies with these other regulations and we may contact other regulators to confirm this is the case.Will the ICO be providing financial support as part of the Sandbox?