The Data Protection Impact Assessment, or: How the General Data Protection Regulation May Still Come to Foster Ethically Responsible Data Processing
4 Pages Posted: 27 Nov 2015
Date Written: November 25, 2015
Abstract
The General Data Protection Regulation will make it mandatory for data controllers to conduct a data protection impact assessment (DPIA). This short comment argues that, given the formulations of this requirement in the proposed versions of the upcoming regulation, the DPIA could take shape as requiring a broad ethical/rights assessment which is overseen by a regulatory agency. As such, the data protection impact assessment could prove valuable as a regulatory instrument to steer controllers to respect the fundamental rights of individuals above and beyond what data protection law strictly requires.
Keywords: General Data Protection Regulation, Data Protection Impact Assessment, Privacy Impact Assessment, fundamental rights
Suggested Citation: Suggested Citation