This article is more than 1 year old

UK regulator moots data protection sandbox for organisations to play in

ICO strategy outlines plans to slurp up academic expertise

The Information Commissioner's Office has promised organisations a regulatory sandbox to test out the data protection implications of new tech as part of its first technology strategy.

The strategy (PDF), which will run from 2018-21, sets out eight goals for the ICO, along with three priority areas – cybersecurity, artificial intelligence, and device tracking – for the next year.

It aims to ensure the body stays up to date with the technology that has changed the sector it regulates almost beyond recognition.

new fiver

UK data controllers to pay ICO up to £2.4k more a year when GDPR kicks in


The ICO said that its overall approach was that "privacy and innovation are not mutually exclusive" and that tech was both "a risk and an opportunity" – but it seems from the thrust of the document that the body is concerned about its own understanding of the tech.

The strategy makes much of the need to boost the technical expertise of ICO staff, setting out plans for extra training, new hires and closer links to academia, as well as pushing the idea of data protection by design.

One of the most immediate goals, which it plans to start work on this year, is to create a regulatory sandbox where organisations can develop new digital products and services in a way that the ICO can keep up with.

The aim is to ensure that "appropriate protections and safeguards are in place", so the ICO can offer advice about mitigating risks and building in privacy, and the sandbox will be modelled on a system that the Financial Conduct Authority launched in 2015.

Elsewhere, the ICO promises to increase education and awareness on tech issues for staff through training programmes and briefings at all levels, with technical competencies added into job descriptions.

It plans to recruit and retrain staff, along with seconding in experts from other organisations and establish technology apprenticeships with universities or other education providers.


Info Commish tells we shouldn't let artificial ignorance make all our decisions


The ICO also promises a post-doctoral scheme it hopes will increase in-house expertise and give staff easy access to advice. The first position will be a two-year postdoc to investigate the impact of AI on data privacy.

Further plans include greater collaboration with professional, academic and industry technology bodies, and regulators in other sectors and nations, as well as work to revise the ICO's technology reference panel, and to create expert roundtables on specific topics. It will also establish a panel of forensic investigators to support its regulatory work.

The strategy promises an annual conference on data protection and technology, along with reports on lessons learned from security breaches, various technology issues and concerns that arise from data protection impact assessments. ®

More about


Send us news

Other stories you might like