Data protection  

Regulator launches sandbox for data protection

Regulator launches sandbox for data protection

Information watchdog the Information Commissioner’s Office has invited companies to join its sandbox, a service designed to support innovation in data protection.

The sandbox, a term used to describe a safe space in which to test new products and services without falling foul of regulation, will enable participants to work through ideas on how to use personal data, with the ICO’s specialist staff helping to ensure they comply with data protection rules. 

Simon McDougall, executive director for technology and innovation at the ICO, said: "Thousands of organisations are working on projects using personal data to transform the way we live and work. We want to support this innovation whilst helping ensure that the products and services under development are compliant and deliver benefits to the public."

Article continues after advert

The sandbox will accept ten companies of all sizes and from all sectors. They will be able to remain in the sandbox until September 2020, when the beta phase completes. 

Data protection was made more stringent last year with the introduction of European rules the General Data Protection Regulation.

In March, a Kent-based pension transfer company was fined £40,000 by the ICO after sending almost two million direct marketing emails to people without their consent.

The company had sought specialist advice from a data protection consultancy as well as independent legal advice about the use of hosted marketing, but it proved to be inaccurate and the ICO found its marketing fell afoul of regulations.

Scott Gallacher, chartered financial planner at Rowley Turton, said the launch of the sandbox came at a strange time as the UK’s future with the European Union remains unresolved. 

He said: "When GDPR came in, the ICO offered little guidance, and now this looks like it wants to push the boundaries of the rules.

"I’m not sure encouraging firms to get as close to the line as possible is the right thing to do. And most people don’t want firms to be ‘innovative’ with their data, they want them to stick within the law."

Firms have until May 24 to apply to join the ICO’s sandbox.