Building sandcastles with the ICO
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), is calling for evidence and views on creating what it calls a “regulatory sandbox”.
Adopting a similar approach to the Financial Conduct Authority, the ICO’s Technology Strategy for 2018-2021 explains that the sandbox will “enable organisations to develop innovative digital products and services, whilst engaging with the [ICO], ensuring that appropriate protections and safeguards are in place”.
If the ICO adopts the FCA’s approach, eligible organisations from national companies to start-ups would apply to be part of a cohort that would agree a testing protocol with the ICO and receive informal guidance on how to bake compliance with data protection obligations into their product development processes. While the ICO would not exempt participants from complying with data protection law, the risk of action being taken would be mitigated by leveraging the benefit of the ICO’s expertise.
The deadline for submitting evidence and views is 12 October 2018.