CIPL Responds to ICO Call for Views on Creating a Regulatory Sandbox
Time 2 Minute Read
Categories: Centre for Information Policy Leadership

On October 11, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted comments to the UK Information Commissioner’s Office (“ICO”) in response to its call for views on creating a regulatory sandbox.

The regulatory sandbox concept is intended to provide a supervised safe space for piloting and testing innovative products, services, business models or delivery mechanisms in the real market, using the personal data of real individuals. The concept was first developed by the UK’s Financial Conduct Authority to enable regulated companies to experiment and innovate in the financial services space. The model may be particularly suited for and well received in the data protection community, where technical innovation has an impact on data protection and where there is an increasing recognition that compliance has to be treated as an iterative process.

In its comments, CIPL identifies the main benefits of participation in the regulatory sandbox, sets out various practical suggestions to maximize the prospects of success of the regulatory sandbox and lays out specific safeguards which the ICO should adopt in its deployment of the concept.

In particular, CIPL’s response details:

  • benefits of sandbox participation for individuals, organizations, the ICO itself, society and the economy;
  • actual and hypothetical examples of where sandbox participation may be helpful, both in the private and public sectors;
  • practical considerations around the operation of the sandbox concept and features that can be included to maximize the prospects of its success;
  • criteria for acceptance into the sandbox;
  • the relationship between the sandbox and data protection impact assessments; and
  • safeguards which must be considered to address real concerns that are likely to arise from prospective sandbox participants.

CIPL has previously written about the potential of a regulatory sandbox model in data protection as a critical tool for innovation in digital society while ensuring data protection in its 2017 paper Regulating for Results: Strategies and Priorities for Leadership and Engagement.

Tags: Information Commissioners Office
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
UK Regulators Issue Joint Statement on Age Assurance for Online Services

On March 25, 2026, the UK Information Commissioner’s Office and the UK Office of Communications released a joint statement addressing the intersection of online safety and data protection in relation to age assurance.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Publishes Guidance on Recognized Legitimate Interest Basis

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
UK ICO Launches Consultation on New Guidance on Research, Archiving and Statistics Provisions

On February 27, 2026, the UK ICO announced a public consultation on proposed updates to its guidance concerning research, archiving and statistics to reflect the changes introduced by the Data (Use and Access) Act 2025.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Privacy

On February 24, 2026, the UK ICO announced that it had fined Reddit, Inc. £14.47 million following an investigation into the company’s handling of children’s personal information.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page