Out-Law News 1 min. read

Data protection watchdog promises regulatory sandbox for digital innovations


Businesses developing innovative digital products and services will be able to test that their solutions comply with data protection laws under a new scheme promised by the UK's Information Commissioner's Office (ICO).

The data protection watchdog's plans for a 'regulatory sandbox' were outlined in its recently published new technology strategy for 2018-2021 (9-page / 265KB PDF).

"The ICO sandbox will enable organisations to develop innovative digital products and services, whilst engaging with the regulator, ensuring that appropriate protections and safeguards are in place," the strategy paper said. "As part of the sandbox process the ICO would provide advice on mitigating risks and data protection by design."

The ICO said its sandbox initiative, which it said it would consult and engage organisations about this year, would draw on "the successful sandbox process" that the UK's Financial Conduct Authority (FCA) has developed in the area of fintech.

The FCA's sandbox scheme allows businesses to "test new ideas without incurring all of the normal regulatory consequences", the regulator has said previously. Businesses must satisfy a range of criteria and be successful with their applications to win the right to participate in the FCA's sandbox. Testing under the scheme can involve real world experimentation of innovative products, services, business models and mechanisms of delivery under a light-touch regulatory framework and tightly controlled conditions.

In October, the FCA said that there was evidence that participation in its sandbox scheme had helped businesses to attract investment.

In its new strategy, the ICO also outlined its "technology priority areas" for 2018-2019. The three areas in which it will focus its attention and resources are cybersecurity, artificial intelligence (AI), big data and machine learning, and web and cross-device tracking.

The ICO said its decision to focus on AI was justified because of the technology's ability to "intrude into private life and effect human behaviour by manipulating personal data".

The ICO said it would "develop an action plan for each priority area". The action plans will be reviewed and updated annually, and the technology priority list will also be reviewed each year, it said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.