By Simon McDougall – Executive Director – Technology and Innovation
16 October 2019
I’ve found there’s often a misconception that regulation seeks to stifle innovation and that the role of regulators is to add layers of red tape. For me, that is simply not true. The ICO has said time and again, it’s not a case of privacy or innovation – it’s privacy and innovation.
A few weeks ago, I was lucky enough to be a judge at the Financial Conduct Authority’s TechSprint. The event was a brilliant example of exactly how privacy and innovation can work together in practice.
The TechSprint brought together teams from all over the world to focus on how Privacy Enhancing Technologies (PETs) can help financial institutions to share data in order to prevent money laundering, while still meeting their confidentiality and privacy obligations.
It was an excellent opportunity for my colleagues from the ICO’s Regulators’ Business Innovation Privacy Hub (The Hub) and myself to look at real deployments of PETs. The creation of the Hub was enabled by a grant from the Regulators’ Pioneer Fund, set up by the Department for Business, Energy and Industrial Strategy. We were also on hand to offer attendees advice on the data protection implications of implementing these technologies and there were three key issues, which were common to many of the teams.
- Think privacy from the outset
Many of the organisations focused on the solution and then tried to work out how they could make it compliant. This created extra work to backtrack and rebuild their products with privacy in mind. It’s absolutely key to think of data protection as a core building block of design and not a bolt-on.
- PETs are a piece of the puzzle, not the finished product
When teams were looking for a data protection solution, it became clear there was a misunderstanding that PETs alone can solve all GDPR compliance issues. They are just one part of the puzzle and it’s important that you’re not over reliant on them. Think about what data protection issues you’re trying to solve and don’t assume that PETs will automatically solve them.
- Collaboration is key
The TechSprint brought so many people together from a wide range of sectors and backgrounds. Seeing them consider and create together was incredibly rewarding. It demonstrated that successful teams must listen to a variety of voices, both from within your organisation and externally.
The Hub team is part of the ICO’s Technology and Innovation Directorate and funded by the Department for Business, Energy and Industrial Strategy’s Regulators’ Pioneer fund. The Hub’s focus is embedding information rights in the work of all UK regulators. This can involve:
- collaborating with regulators;
- assisting businesses involved in regulatory innovation programmes; or
- helping regulators make sure data protection is considered at the very beginning of any new project.
The Hub team has been working with a variety of sectors, from utilities to legal services and we are really interested to see how the ICO can work with other regulators – enabling them to try new things, with the reassurance that we can guide and advise them on how to mitigate data protection risk.
If your organisation is already working with your own industry’s regulator and think that the Hub could help support you with compliance, then please get in touch by emailing firstname.lastname@example.org.
Simon McDougall is Executive Director for Technology Policy and Innovation at the ICO where he is developing an approach to addressing new technological and online harms. He is particularly focused on artificial intelligence and data ethics.
He is also responsible for the development of a framework for auditing the use of personal data in machine learning algorithms.