Abstract
Privacy impact assessments (PIAs) may soon be standardised. The European Commission plans to make PIAs mandatory if Article 33 of its proposed Data Protection Regulation is adopted without any serious depredations by lobbyists. Concurrently, the International Organization for Standardization (ISO) is considering a standard for PIAs. The approaches currently being pursued by the Commission and the ISO have their antecedents in the PIA methodologies used in Australia, Canada, Ireland, New Zealand, the UK and the US. However, almost no attention has been paid to actual PIA reports to see how well or poorly they have been prepared and how closely they follow the PIA guidance documents in their countries. This paper argues that it is worth reviewing actual PIA reports to see what can be learned from how they are implemented and whether their implementation offers any signposts for the policymaking process. However, finding actual PIA reports is something of a challenge. Following a search for UK PIA reports, this paper presents the results of an analysis of some of them in terms of how well they followed the ICO PIA Handbook guidance, and what we can learn from an analysis of actual PIA reports. Along the way, this paper argues that organisations in the UK should create a registry of publicly available PIA reports.