Developing and testing a surveillance impact assessment methodology

International Data Privacy Law

Volumn 5, Issue 1, 2015, Pages 40-53

  Wright, David ^a   Friedewald, Michael ^b   Gellert, Raphaël ^c  

^a Trilateral Research and Consulting LLP: Trilateral Research Ltd   (United Kingdom)

^b FRAUNHOFER INSTITUTE FOR SYSTEMS AND INNOVATION RESEARCH ISI   (Germany)

^c VRIJE UNIVERSITEIT BRUSSEL   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84963942559     PISSN: 20443994     EISSN: 20444001     Source Type: Journal    
DOI: 10.1093/idpl/ipu027     Document Type: Article

References (41)

1. Michael Friedewald and others, Smart Surveillance - State of the Art Report, SAPIENT Project (2012).
2. David Wright and others, 'Sorting Out Smart Surveillance' (2010) 26 Computer Law & Security Review 343.
3. BJ Goold, 'Surveillance and the Political Value of Privacy' (2009) 1 Amsterdam Law Forum 3.
4. For a similar interpretation, see R Gellert and others, 'A Comparative Analysis of Anti-Discrimination and Data Protection Legislations', Chapter 4, in B Custers and others (eds), Discrimination and Privacy in the Information Society - Data Mining and Profiling in Large Databases (Springer 2013) 61
5. Serge Gutwirth, Privacy and the Information Age (Rowman & Littlefield 2002) 158. Such clarifications remain useful even though the principle has now been enshrined into the proposed Regulation.
6. See, for instance, David Cortright and George A López (eds), Smart Sanctions: Targeting Economic Statecraft (Rowman & Littlefield 2002).
7. Iain Cameron, 'Report to the Swedish Foreign Office on Targeted sanctions and legal safeguards' (2002).
8. For an analysis of the two cases in relation to these so-called shadows of suspicion, see Gloria González Fuster and others, 'Huber, Marper and Others: Throwing New Light on the Shadows of Suspicion', INEX Policy Brief, No. 11, Centre for European Policy Studies (CEPS 2010) 4.
9. See Rocco Bellanova and Gloria González Fuster, 'Politics of Disappearance: Scanners and (Unobserved) Bodies as Mediators of Security Practices' (2013) 7 International Political Sociology 188.
10. For a recollection of the pros and cons of greater granularity in smart meters, see C Cuijpers and B Koops, 'Smart Metering and Privacy in Europe: Lessons from the Dutch Case' in S. Gutwirth and others (eds), European Data Protection: Coming of Age (?) (Springer 2013) 269.
11. Melvin Kranzberg, 'Technology and History: "Kranzberg's Laws"' (1995) 15 Bulletin of Science, Technology and Society 5-13
12. Albrechtslund, Anders, 'Ethics and Technology Design' (2007) 9 Ethics and Information Technology 63-72.
13. See also L. Winner, 'Do Artifacts Have Politics?' (1980) 109 Daedalus 121.
14. See Dino Pedreschi, S Ruggieri and F Turini, 'Discrimination-aware Data Mining', Proceedings of KDD'08, (2008) ACM 560
15. Bettina Berendt and Preibusch Sören, 'Better decision support through exploratory discrimination-aware data mining: foundations and empirical evidence' (June 2014) 22 (2) Artificial Intelligence and Law 175.
16. For a seminal article on the legal issues associated with profiling and data mining, see Tal Zarsky, '"Mine your own business!": Making the case for the implication of the data mining of personal information in the forum of public opinion' (2003) 5 (1) Yale Journal of Law and Technology 1.
17. https://fra.europa.eu/en/opinion/2011/fra-opinion-proposal-passenger-name-record-pnr-directive.
18. See also Paul De Hert and Vagelis Papakonstantinou, 'The Police and Criminal Justice Data Protection Directive: Comment and Analysis' (2012) 22 Computers & Law Magazine of the SCL 21.
19. European Commission, 'A comprehensive approach on personal data protection in the European Union', COM (2010) 609 final, Brussels, 2010, 6
20. David Wright and Charles Raab, 'Privacy Principles, Risks and Harms' (2014) 28 International Review of Law, Computers & Technology 3. DOI: 10.1080/13600869.2014.913874., http://www.tandfonline.com/doi/full/10.1080/13600869.2014.913874.
21. P De Hert and S Gutwirth, 'Data Protection in the Case Law of Strasbourg and Luxembourg: Constitutionalism in Action', in S Gutwirth and others (eds), Reinventing Data Protection? (Springer 2002) 3
22. Raphaël Gellert and Gutwirth Serge, 'Beyond accountability, the Return to Privacy?', in Daniel Guagnin and others. Managing Privacy through Accountability (Palgrave Macmillan 2012) 261.
23. Gloria González Fuster and Raphael Gellert, 'The Fundamental Right of Data Protection in the European Union: in Search of an Uncharted Right', (2012) 26 International Review of Law, Computers & Technology 73.
24. For a similar critical appraisal of data protection, see Paul De Hert and Serge Gutwirth, 'Privacy, Data Protection and Law Enforcement: Opacity of the Individuals and Transparency of Power', in E Claes, A Duff and S Gutwirth (eds), Privacy and the Criminal Law (Intersentia 2006) 61
25. The most prominent ones in Europe are: The Gallup Organization, 'Data Protection in the European Union: Citizens Perceptions' (2008) Flash Eurobarometer 225, Brussels
26. TNS Opinion & Social, 'Attitudes on Data Protection and Electronic Identity in the European Union' (2011) Special Eurobarometer 359, Brussels.
27. See Daniel J Solove, The Digital Person (New York University Press 2004).
28. Minas Samatas, 'Studying Surveillance in Greece: Methodological and Other Problems Related to an Authoritarian Surveillance Culture' (2005) 3 Surveillance & Society 181
29. James Backhouse and Ruth Halperin, 'A Survey on EU Citizen's Trust in ID Systems and Authorities', FIDIS Deliverable 4.4 (London School of Economics and Political Science 2007).
30. Oliver Murphy, 'A Surveillance Society: Qualitative Research Report', Report prepared for COI on behalf of ICO (Information Commissioner's Office 2007).
31. Anders Jacobi and Mikkel Holst, 'Synthesis Report - Interview Meetings on Security Technology and Privacy' (2008) PRISE Deliverable 5.8
32. Lee S Strickland and Laura E Hunt, 'Technology, Security, and Individual Privacy: New Tools, New Threats, and New Public Perceptions' (2005) 56 Journal of the American Society for Information Science and Technology 221.
33. 'Public Attitudes Toward the Uses of Biometric Identification Technologies by Government and the Private Sector', Summary of Survey Findings for SEARCH (2002).
34. Backhouse and Halperin (n 37); Mary J Culnan and Pamela K. Armstrong, 'Information Privacy Concerns, Procedural Fairness, and Impersonal Trust: an Empirical Investigation' (1999) 10 Organization Science 104.
35. Petter Bae Brandtzaeg and Marika Lüders, 'Privacy 2.0: personal and consumer protection in the new media reality' (2009) Norwegian Consumer Commission, Oslo; Strickland and Hunt (n 38).
36. Jacobi and Holst (n 38) 23; Lieberman Research Group, 'UNISYS Security Index: UK' (2010) Unisys Corporation.
37. This surveillance impact assessment guidance draws on D Wright and K Wadhwa, 'A Step-by-step Guide to Privacy Impact Assessment' (2012) Second PIAF workshop, Sopot, Poland, ISO 27005, ISO 31000, CNIL's privacy risk methodology, ENISA's risk management guidance, NIST 800-30 and EBIOS.
38. For a more comprehensive description of the assessment process, see David Wright and Charles Raab, 'Constructing a Surveillance Impact Assessment' (2012) 28 Computer Law & Security Review 613
39. David Wright and others, "Integrating Privacy Impact Assessment in Risk Management" (2014) 4 International Data Privacy Law 155
40. David Wright, 'Making Privacy Impact Assessment More Effective' (2013) 29 The Information Society 307.
41. Rachel Finn, David Wright and Michael Friedewald, 'Seven types of privacy', in S Gutwirth, R Leenes, P De Hert and others (eds), European data protection: coming of age? (Springer 2013) 3.