Heathrow Airport and NHS Digital join ICO sandbox projects

woman clicking on keyboard with GDPR in white letters
(Image credit: Shutterstock)

The Information Commissioner's Office (ICO) has fired the starting gun for the pilot phase of its "regulatory sandbox", with ten data-dependent projects ranging from biometric tracking to consent management taking part in the initiative.

This scheme offers organisations an environment in which the UK data regulator will provide support and guidance as they develop innovative products and services that heavily rely on the use of personal data.

During the process, the ICO will oversee the planning and implementation of these projects to ensure they're fully compliant with the General Data Protection Regulation (GDPR).

"The ICO supports innovation in technology and exciting new uses of data, while ensuring that people's privacy and legal rights are protected," said the information commissioner, Elizabeth Denham.

"We have always said that privacy and innovation are not mutually exclusive and there doesn't need to be an either-or choice between the two.

"The sandbox will help companies and public bodies deliver new products and services of real benefit to the public, with assurance that they have tackled built-in data protection at the outset."

The ICO will also use this as an opportunity to observethe industry for developments in technology and innovation, and establish both the regulatory opportunities and challenges they will generate.

The first ten pilot projects were selected from 64 applicants and are run by organisations including NHS Digital, Heathrow Airport, the Ministry of Housing and Local Government, and an authentication firm named TrustElevate.

Heathrow Airport will test its Automation of the Passenger Journey programme, which involves using facial recognition technology at each checkpoint throughout the airport from check-in to boarding gates.

NHS Digital aims to work on the design and development of a central mechanism for collecting and managing patient consents for sharing healthcare data for purposes such as medical research and clinical trials.

The Ministry of Housing Communities and Local Government, meanwhile, has partnered with the Department of Work and Pensions and Blackpool Council to match personal information controlled by various parties. This is in order to understand more about the private rented sector in Blackpool and how to improve the quality of properties.

The Greater London Authority's Violence Reduction Unit (VRU), which is also part of the project, aims to integrate various datasets, including health, social and crime data, to better understand how public health and social services can be managed to reduce crime.

The ICO first teased the sandbox last year, before opening the scheme up to applications from the end of March.

The next stage will involve devising detailed plans for each project before work begins on testing the compliance of these ideas. All work is expected to be completed by September 2020, by which point these products and services will have been fully assessed.

The projects developed are expected to be fully GDPR-compliant, and run into fewer regulatory hurdles at launch.

Keumars Afifi-Sabet
Features Editor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.