Scenarios for introducing a privacy impact assessment (PIA) policy

  • Dariusz Kloza (Speaker)

Activity: Talk or presentation at a conference

Description

Having completed the EU co-funded PIAF project (“A Privacy Impact Assessment Framework for data protection and privacy rights”; 2011-12; http://www.piafproject.eu), we were left with some "open questions" and one of them deals with the optimal means of introduction of a privacy impact assessment (PIA) policy. In other words, what regulatory instruments and techniques can best achieve this goal?

PIA policies are usually introduced as a mandatory legal requirement (eg US or the proposed EU General Data Protection Regulation), are tied to budgetary submissions (eg Canada), or the conduct of a PIA is encouraged by governments (eg the EU RFID PIA framework) or independent regulatory agencies (eg UK). Furthermore, there might be a business case in conducting a PIA (eg New Zealand’s Google Street View PIA). However, these methods do not exhaust all possibilities.

The debate on the optimal means is particularly important from the human rights viewpoint. If PIA is considered as a “tool” for better protection of the right to privacy, it should be broadly practiced. However, “[t]he likelihood of PIAs being conducted is related to the degree of policy compulsion to conduct them and to accountability for their completion” (Bayley & Bennett). This suggests that only hard-law means can offer a satisfactory level of protection.

I want to argue the picture is not that black and white. In particular, I want to offer a tentative taxonomy of the means of a PIA introduction and to evaluate them.

Period: 29 Nov 2014
Event title: Cyberspace 2014
Event type: Conference
Conference number: 12
Location: Brno, Czech Republic
Degree of Recognition: International