The European Commission is revising the EU’s data protection framework. One of the changes concerns privacy impact assessment (PIA). This paper argues that the European Commission and the EU Member States should draw on the experience of other countries that have adopted PIA policies and methodologies to construct its own framework. There are similarities and differences in the approaches of Australia, Canada, Ireland, New Zealand, the UK and US, the countries with the most experience in PIA. Each has its strong points, but also shortcomings. Audits have identified some of the latter in the instance of Canada. This paper provides a comparative analysis of the six countries to identify some of the best elements that could be used to improve Article 33 in European Commission’s proposed Data Protection Regulation.
privacy impact assessment, data protection impact assessment, compliance check, stakeholder consultation, risk management, Data Protection Regulation
Research Articles: Special Section
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.Material published in the JCER is done so under a CC BY-NC-ND 4.0 licence, with copyright remaining with the author.
- Articles published online in the JCER cannot be published in another journal without explicit approval of the JCER editor.
- Authors can 'self-archive' their articles in digital form on their personal homepages, funder repositories or their institutions' archives provided that they link back to the original source on the JCER website. Authors can archive pre-print, post-print or the publisher's version of their work.
- Authors agree that submitted articles to the JCER will be submitted to various abstracting, indexing and archiving services as selected by the JCER.