Innovative digital applications are often accompanied by uncertainties regarding data protection. According to a survey by the industry association bitkom, the majority of the companies surveyed have, at some point, refrained from introducing a digital application due to data protection concerns, while others have accepted the risk of violating current data protection regulations. A so-called "regulatory sandbox" could help avoid legal violations and data protection issues while allowing the testing of novel applications in a "regulatory sandbox" setting, thus promoting innovation. A sandbox, in this context, is a temporary digital experimental environment where companies or public authorities can test the legal compliance of their applications under real conditions. In cooperation with supervisory authorities, potential data protection issues are to be identified in a secure environment before the applications are launched on the market. Although European law already mandates the establishment of "AI real-world laboratories" in the field of artificial intelligence, it is still largely unclear how a sandbox can be implemented under German regulations.
The BMBF-funded project "The Data Protection Sandbox" aims to create the foundation for such experimental environments. In this project, Prof. Dr Agnes Koschmider from the Chair of Business Informatics at the University of Bayreuth and Prof. Dr Christoph Krönke from the Chair of Public Law I at the University of Bayreuth are overseeing the establishment and realisation of a data protection sandbox at the LfDI Rhineland-Palatinate, headed by Prof. Dr Dieter Kugelmann, from both a legal and IT perspective. The first step involves identifying the legal conditions and technical requirements for setting up such a sandbox. Subsequently, a data protection sandbox will be set up at the LfDI and thoroughly analysed from both legal and IT-scientific standpoints. The project aims to produce a practical guide at the end, which will facilitate the establishment of a data protection sandbox for the other 17 data protection supervisory authorities in Germany.
"Our project is an important step towards secure and innovative digital applications in Germany. We are creating a balance between protecting sensitive data and fostering innovation by providing an environment where companies can test new technologies and solutions without endangering users' privacy," says Prof. Krönke.
Project partner Prof. Kugelmann adds: "Innovation is possible in compliance with data protection. As a supervisory authority, we are highly interested in ensuring that data protection requirements are integrated into the development of new technologies from the outset. With the data protection sandbox, we are creating a win-win situation: my authority can provide intensive advice at an early stage, and companies can test and develop their applications in a clearly defined framework that complies with the law. Ultimately, citizens benefit from products that respect their rights and freedoms rather than endangering them."
The project has been running since 1 October 2024 and is funded by the BMBF for three years with €1.01 million, of which approximately €750,000 will go to the University of Bayreuth. The project "The Data Protection Sandbox" is funded as part of the BMBF's "Privacy Platform" initiative.