For the second consecutive year, the U.K. Information Commissioner’s Office will fund a new set of research focusing on privacy and data protection issues through its Grants Programme.
After last year’s successful program, where four projects were selected to receive anywhere from 20,000 to 100,000 GBP, the ICO is looking to keep up the momentum for the 2018 round of funding. ICO Senior Policy Officer Robert McCombe spoke with Privacy Tech to discuss how the past winners were chosen and whether last year’s recipients will inform the decision-making process this year.
The four projects chosen by the ICO in 2017 each covered very different privacy concerns, such as data portability, children's privacy, data subject rights and anonymization. In their announcement for the new round of funding, the ICO listed out data privacy areas applicants can focus on, including big data, the EU General Data Protection Regulation, artificial intelligence, biometrics and blockchain, among others.
Applications must be in by August 17 at 5 pm GMT, a deadline McCombe stressed is absolute. After that, two panels will take their turns looking over the proposals. The ICO hopes to notify the 2018 winners by mid-to-late November, but delays could push it to mid-December.
Anticipating questions about the application process, the ICO conducted a how-to webinar. Questions mostly involved who can turn in proposals to the program. Private enterprises can participate in the proceedings, as long as they are not for commercial application. Joint proposals are also allowed as long as the pitch makes it clear who will be responsible for what aspect of the project. The ICO will not accept research for doctoral or post graduate studies, but applicants whose application focuses on building upon that work will make the cut.
Just like last year, in order to be selected, applicants are asked to send in various documents including expenses claimed, privacy notices, certifications of incorporation and other contracts that let the ICO vet potential partners.
After applications are received, they are examined by the two panels. The first panel consists of internal ICO staff from senior management and leadership teams. The second panel features external contributors from law firms, innovation centers, data-focused charities and policy groups. McCombe outlined the criteria the panels seek out when pouring over the pitches.
“First and foremost is overall quality,” said McCombe. “Quite simply, is it well written, is it coherent, and does it demonstrate a certain amount of confidence in what they have done. It’s not to say that we don’t consider applications from organizations that have not undertaken this kind of work before, but we would expect them to have done their research.”
Past experience is why the Open Rights Group was selected as a winner last year, according to McCombe. ORG’s pitch centered on a financial tech application allowing data subjects to understand an organization’s privacy notices, providing them with rights they are afforded under the EU General Data Protection Regulation. Having a track record of completing full-scale projects offered ORG a quality the panels found attractive.
McCombe noted relevance and timeliness are two other factors the panel looks for in the proposals, particularly topics seen within the ICO’s strategic plan, as well as projects that can feasibly be completed within 12 months. Another area of importance is whether the proposal matches up with the agency’s values, which McCombe said is the reason why one of last year’s schemes resonated with the panels.
Imperial College London won a grant for focusing on anonymization, specifically by creating a tool providing an estimation of the amount of data needed to re-identify a data subject.
“That one caught the eye first because it aligned with one of our key topics, which was dealing with reidentifying personal data and challenging the notions that anonymized data was in fact highly secure,” said McCombe, who added the project also offered opportunities for engagement through lectures and public talks.
Additionally, a valuable piece of the proposal must be its ability to benefit the U.K. public, as projects will fare much better with the panels if they can demonstrate benefits to a wide audience and are constructed to last for the long run.
Teeside University’s accepted project centered on health care data portability, giving patients the ability to move their data between different sectors of the National Health Service and local institutions.
“This caught the eye because obviously it’s not only a hot topic that matters a great deal, but one that does need careful consideration given the information that is being dealt with, the interplay between data controllers and data processors, and it was a chance to engage at a regional level in the northeast of England, but with a series of tools and research that could have national implications across the country,” said McCombe.
While agency's areas of interest list is varied, McCombe and the ICO do not want to discourage potential participants who have a project covering a topic a previous winner is already working on. Children’s privacy is on the topic list this year, and it was the focal point of the final winner in 2017.
The London School of Economics produced a toolset where organizations can form their own solutions to manage children’s privacy from a legal and parental standpoint and to build engagement with children between the ages of 11 to 18.
Once last year’s winners received their grants, the ICO did not just fade into the background. McCombe is the conduit between the ICO and the research groups, working with the teams to manage any problems they may face and to check in to ensure the work continues on schedule.
Even though the ICO is not part of central government, it still runs the program under the U.K. government’s Grants Standards. The agency gravitated toward the robust set of criteria and training it offers to make sure public money is not misused.
The ICO received 117 applications in 2017, well above the agency’s expectations. News exposure of last year’s round of proposals could lead to more participation this year, however the implementation of the GDPR could result in a decrease, as several pitches last year focused on preparing for the rules. McCombe and the ICO will just have to wait and see where the final tally ends up.
photo credit: Project 365 Day 130: Flag via photopin (license)