Privacy & Data Security Law News

UK Regulator, Companies Team Up to Improve Data Privacy (1)

July 29, 2019, 3:00 PMUpdated: July 29, 2019, 4:46 PM

Companies looking to use facial recognition in airports and eliminate bias in machine learning are among ten groups who will partner with the UK’s data protection authority to test innovations for data security compliance.

The Information Commissioner’s Office July 29 announced its choices for a sandbox project, which encourages the safe development of tools that use personal data for the public good. The projects, chosen from 64 applications, also cover issues such as housing, road traffic management, and student welfare.

“The sandbox will help companies and public bodies deliver new products and services of real benefit to the public, with assurance that they have tackled built-in data protection at the outset,” Information Commissioner Elizabeth Denham said in a statement.

The project comes as privacy regulators throughout Europe take greater steps to enforce the General Data Protection Regulation (GDPR). Regulators have pledged to go after companies that violate the law, which governs U.S. multinationals as well as EU-based businesses.

One project, the Automation of the Passenger Journey program at Heathrow Airport, will examine the use of facial recognition technology at bag drops, check-in, and boarding gates, the ICO said. Privacy advocates and lawmakers in the U.S. have criticized efforts to use facial recognition in domestic airports.

Another project with financial technology company FutureFlow will study ways to analyze the flow of money in a financial system. It will allow regulators, financial institutions, and agencies to use analytics to track electronic financial criminal activity while reducing the focus on individual consumers and businesses, the ICO said.

“We think GDPR is very helpful in creating sort of the guidelines and the structure around what is and is not feasible in terms of data protection, especially when it comes to new ideas and new technology,” FutureFlow spokesman Vadim Sobolevski said. “When we discovered that the ICO is structuring a sandbox around it, we thought it would be great to work directly with them.”

Rachel O’Connell, spokesperson for TrustElevate, a company that provides verified parental consent and age-checking, echoed Sobolevski’s sentiment. “Being part of the ICO regulatory sandbox provides us with unprecedented access to expert advice and guidance from the regulator,” she wrote in an email.

All 10 development partners will “exit” the sandbox partnership’s beta phase by September 2020, the ICO said.

To contact the reporter on this story: Anna Kramer in Washington at akramer2@bloomberglaw.com

To contact the editors responsible for this story: Rebecca Baker at rbaker@bloomberglaw.com; Keith Perine at kperine@bloomberglaw.com