ICO regulatory sandbox: your chance to shape the privacy and innovation discussion

The Information Commissioner’s Office (ICO) recently opened a consultation on the establishment of a regulatory sandbox. The idea draws inspiration from a similar scheme undertaken by the Financial Conduct Authority and was first proposed by the ICO in its Technology Strategy 2018-2021, published in March. The proposal foresees a “safe space where organisations are supported to develop the innovative products and services using personal data in innovative ways”.

As the Information Commissioner, Elizabeth Denham, remarked when introducing the Technology Strategy, “the most significant data protection risks to individuals are now driven by the use of new technologies. The risks are broad – from cyber-attacks to the growth of artificial intelligence and machine learning”.

The General Data Protection Regulation (GDPR), itself a product of recognising the importance of privacy amid the challenges of the digital age, raises the stakes for innovators with its requirements for data protection by design and data protection impact assessments.

Without an open and constructive regulator, there would be a real danger that the GDPR’s exacting standards might stifle important and good innovation (as I alluded to in my previous post on AI governance). The ICO is clearly keen to ensure pragmatism and transparency wins out. Privacy and innovation are not mutually exclusive and in tandem create trust and confidence and therefore true value.

The consultation seeks input on a number of key aspects of the potential sandbox scheme:

  • The barriers and challenges to innovation, in particular posed by the GDPR.
  • The scope of the sandbox, in terms of sectors and technologies covered.
  • How to maximise the benefits of involvement through positive publicity, access to ICO experts and building greater trust amongst customers, investors and the public.
  • How the sandbox should work mechanically, through ‘informal steers’ on product development, anticipatory guidance and / or adaptations to established guidance.
  • The timing aspects that best support the innovation and product development process.
  • Managing demand in what is likely to be a very popular service.

For any organisation keen to shape the important discussion to be had on the intersection of privacy and tech innovation this appears a vital consultation to get involved in.

On paper, a regulatory sandbox could provide a tremendous opportunity for businesses to consult directly with the ICO’s experts and get the guidance they need to embed privacy principles and mitigate privacy risks. This underpins quality decision-making in relation to their products, enabling them to get comfortable about longer term strategy.

At a time of extraordinary technological change, no doubt it is essential for the ICO to position itself front and centre of digital product development. Conceptualising such a practical and transparent approach is encouraging for all concerned.

The consultation closes on 12 October 2018.

 

 

 

 

 

Rob Beardmore