A template for a report from the process of integrated impact assessment on border control technologies in the European Union and the Schengen Area

The purpose of this Chapter is to provide sufficiently detailed explanations to enable the completion of the Template for reporting the integrated impact assessment process (Annex 1). The assessors consult this Chapter’s instructions in conjunction with Annex 1, whose structure firmly corresponds to the structure herein.
The Template for reporting the integrated impact assessment process in Annex 1 is organised into tables and matrices. Following the 11-step method, consecutive steps are marked in brown and the ongoing steps in orange, as presented in the diagram below. The assessors are to fill in only the fields coloured in light brown or light orange. A field for any further remarks or comments, if necessary, is provided at the end of each step. The assessors fill in, in an easily understandable language, the empty rows in the tables and/or other fields assigned to each step. To the greatest extent possible, each answer is exhaustive and sufficiently motivated (described, explained, justified, etc.), as is equally the case for the criteria/explanations ‘fulfilled’ and ‘not fulfilled’. Further rows can be added in each table, should there be a need, or, should the space be insufficient, each element can be moved to attachments. Alternatively, any of the tables and/or fields may be removed, and the same information presented in some other format if the assessors deem it appropriate. Provision of an explanation is required whether the box is ticked or not. After the receipt of the filled-in report, the sponsoring organisation, in turn, fills in the light green fields only, facilitating the final decision (of whether or not to proceed with the envisaged initiative).
The Template assumes the team of assessors is familiar with the legal framework for personal data protection and privacy in the European Union, as well as the principles of ethics and social acceptance. (References to legal provisions without any further specification pertain to the General Data Protection Regulation [GDPR].) It also assumes mini-mum familiarity with the process of risk appraisal and with the criteria limiting the enjoyment of human rights, in particular those of necessity and proportionality. Furthermore, it is expected that all relevant stakeholders, be they the data controller(s), the data protection officer (DPO), the pertinent EU agencies and border control authorities, among others, are involved in the entirety of the assessment process. As the assessment process concerns an as-yet-unimplemented initiative, the assessors may have to rely on estimations and, at times, incomplete information.