David Wright Rachel Finn Rowena Rodrigues


The European Commission is revising the EU’s data protection framework. One of the changes concerns privacy impact assessment (PIA). This paper argues that the European Commission and the EU Member States should draw on the experience of other countries that have adopted PIA policies and methodologies to construct its own framework. There are similarities and differences in the approaches of Australia, Canada, Ireland, New Zealand, the UK and US, the countries with the most experience in PIA. Each has its strong points, but also shortcomings. Audits have identified some of the latter in the instance of Canada. This paper provides a comparative analysis of the six countries to identify some of the best elements that could be used to improve Article 33 in European Commission’s proposed Data Protection Regulation.


Article Keywords

privacy impact assessment, data protection impact assessment, compliance check, stakeholder consultation, risk management, Data Protection Regulation

Research Articles: Special Section
Article Copyright
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Material published in the JCER is done so under a CC BY-NC-ND 4.0 licence, with copyright remaining with the author.
  • Articles published online in the JCER cannot be published in another journal without explicit approval of the JCER editor.
  • Authors can 'self-archive' their articles in digital form on their personal homepages, funder repositories or their institutions' archives provided that they link back to the original source on the JCER website. Authors can archive pre-print, post-print or the publisher's version of their work.
  • Authors agree that submitted articles to the JCER will be submitted to various abstracting, indexing and archiving services as selected by the JCER.
Further information about archiving and copyright are contained within the JCER Open Access Policy.