ICO Announces 1st Data Protection Sandbox Participants

July 29, 2019 was when the UK ICO (Information Commissioner’s Office) stated 10 projects selected, out of the sixty four applicants, participating in its sandbox, for which the applications opened in the month April 2019. The Sandbox is designed to support the organizations in the development of advanced services and products with a strong public benefit. The ICO intends to assist the ten organizations to ensure the risks associated with projects’ use of the personal data being mitigated. The selected applicants cover different sectors, including health, travel, crime, artificial intelligence and housing.

The project selected by ICO include proposals by Heathrow Airport Holding Limited (using the facial recognition technology for streamlining the passenger journeys), the Greater London Authority, Ministry of Housing and the NHS Digital, Local Government and Communities, in addition to the private organizations like Novartis Pharmaceuticals UK Limited, FutureFlow, and Trust Elevate. The projects are estimated to complete the Sandbox participation by September 2020. In the announcement of the project selected for the inclusion in the Sandbox, Information Commissioner Elizabeth Denham underlined the mutual assistance of the sandbox, affirming that the sandbox will motivate the companies and the public bodies to deliver the new products and various services of real assistance to the public, with assuring that they have well tackled the built-in protection of data at the outset.”

She, said:

“The ICO supports innovation in technology and exciting new uses of data, while ensuring that people’s privacy and legal rights are protected. We have always said that privacy and innovation are not mutually exclusive and there doesn’t need to be an either-or choice between the two.

“The sandbox will help companies and public bodies deliver new products and services of real benefit to the public, with assurance that they have tackled built-in data protection at the outset.

“Engaging with businesses and innovators in the sandbox is also a valuable exercise in horizon scanning – the ICO can identify new developments in technology and innovation and the potential opportunities and challenges they may provide.”

The Information Commissioner’s Office (ICO) is the United Kingdom’s independent regulator of data protection and information rights, upholding the information rights in public interest, promoting the openness by the public body and data privacy of individuals.

The ICO devises specific set of responsibilities in the General Data Protection Regulation (GDPR), Data Protection Act 2018 (DPA2018), Environmental Information Regulations 2004 (EIR), the Freedom of Information Act 2000 (FOIA), Privacy and Electronic Communications Regulations 2003 (PECR).

The General Data Protection Regulation (GDPR) is the new data protection law applied in the United Kingdom from date: 25 May 2018. Its necessities are included in the Data Protection Act 2018.

The next phase of this process will be to develop a detailed plan for each of the sandbox participants before starting the testing of the products and services. It is pictured for all the participants to have exited the sandbox by the September 2020.

As part of Sandbox participation agreement, the 10 organizations and the ICO taking part in the beta phase not going into any other further detail about the respective individual project at the stage.

1. The Act also includes measures related to wider data protection reforms in areas not covered by the GDPR, such as law enforcement and security. The UK’s decision to leave the EU did not affect the commencement of the GDPR.
2. The data protection principles in the GDPR evolved from the original DPA, and set out the main responsibilities for organisations. Article 5 of the GDPR requires that personal data shall be: