ICO Data Protection Regulatory Sandbox: first reports published

by Gabriel Rizza Ferraz

The Information Commissioner’s Office (ICO) the independent authority set up to uphold information rights and promote data privacy for individuals in the UK has published the first reports from the beta phase of their regulatory sandbox testing. The sandbox was launched in September 2019 with the objective of enabling innovative solutions for data protection.  Two organizations completed testing in July 2020.

Heathrow Airport engaged with the sandbox to better understand the processing of biometric personal data used to verify passengers’ identities and help establish who is a data controller or processor. The airport also had the objective of improving informed choice methods for data subjects. The report highlights the challenges of working on a global scale and complying with GDPR requirements.

Jisc, a non-for-profit digital solutions provider, worked with universities and colleges to improve the provision of student support services using data.  The organization identified what personal data could be used by higher education institutions to promote student wellbeing with the use of analytics. The test allowed the ICO to better understand how universities could use data to improve students’ mental health whilst complying with data protection legislation.

The reports preliminary results were beneficial for all participants. Private organizations improved their knowledge on how data protection and innovation can work together and helped develop the ICO’s views on compliance issues. The results of the first testing will allow the authority to improve support for organizations in the future.

More info

About the Author

Gabriel Rizza Ferraz is Policy Analyst at the Brazilian Micro and Small Business Support Service.