The Information Commissioner’s Office has finally published details of how its new regulatory "sandbox" will work, after opening the beta phase of the initiative, which is designed to support organisations using personal data to develop products and services that are innovative and have demonstrable public benefit.
The beta phase, which is now open to applications, will enable participants to work through how they use personal data in their projects with the ICO’s specialist staff to help ensure they comply with data protection rules.
It offers a free, fully functioning service for organisations of varying types and sizes, across a number of sectors. For the past couple of months the ICO has held a pre-application process asking organisations that might be interested to get in touch.
The regulator said that most interest had come from the healthcare and patient administration sector, making up about a sixth of responses, with other areas including legal, education, financial, advertising, insurance and recruitment, as well as government departments and regulators.
About half of all responses were from micro-organisations, and a quarter from larger bodies.
The ICO expects that many of the products that will come into the sandbox will be at the cutting edge of innovation and may be operating in particularly challenging areas of data protection where there is genuine uncertainty about what compliance looks like. As a result, participants may become use-cases from which the ICO anticipates change and develops public guidance and resources on compliance.
ICO executive director for technology and innovation Simon McDougall said: "Thousands of organisations are working on projects using personal data to transform the way we live and work. We want to support this innovation whilst helping ensure that the products and services under development are compliant and deliver benefits to the public.
"Our sandbox will provide the environment that organisations need to test new concepts and technologies. The lessons we learn together may identify more fundamental questions with broader implications for data protection, and could ultimately inform the development of new guidance or codes of conduct in particular sectors to pave the way for further innovation."
Successful organisations will receive an on-site visit from a dedicated sandbox team member, who will then work with them to devise and implement a bespoke sandbox plan. Organisations will exit the sandbox by September 2020, when the beta phase is planned to finish.