A process for data protection impact assessment under the European General Data Protection Regulation

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 9857 LNCS, Issue , 2016, Pages 21-37

  Bieker, Felix ^a   Friedewald, Michael ^b   Hansen, Marit ^a   Obersteller, Hannah ^a   Rost, Martin ^a  

^a UNIVERSITY HOSPITAL SCHLESWIG HOLSTEIN   (Germany)

^b FRAUNHOFER INSTITUTE FOR SYSTEMS AND INNOVATION RESEARCH ISI   (Germany)

Author keywords

Data Protection; Data Protection Impact Assessment; General Data Protection Regulation; Privacy; Privacy Impact Assessment

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTER SCIENCE; COMPUTERS; DATA PRIVACY;

DATA PROTECTION IMPACT ASSESSMENTS; GENERAL DATA PROTECTION REGULATIONS; IMPACT ASSESSMENTS; LEGAL OBLIGATIONS;

LAWS AND LEGISLATION;

EID: 84988660508     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-319-44760-5_2     Document Type: Conference Paper

References (20)

1. European Commission: Recommendation of 12 May 2009 on the implementation of privacy and data protection principles in applications supported by radiofrequency identification. OJ L 122/47 of 16 May 2009. http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32009H0387&from=EN
2. European Commission: Recommendation of 9 March 2012 on preparations for the roll-out of smart metering systems. OJ L 73/9 of 13 March 2012. http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32012H0148&from=EN
3. Article 29 Working Party: Opinion 5/2010 on the Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications. WP 175 (2010). http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2010/wp175en.pdf
4. Article 29 Working Party: Opinion 07/2013 on the Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems (‘DPIA Template’) prepared by Expert Group 2 of the Commission’s Smart Grid Task Force. WP 209 (2013). http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp209en.pdf
5. Wright, D., De Hert, P. (eds.): Privacy Impact Assessment. Springer, Heidelberg (2012)
6. ISO/IEC 29134: Information technology-Security techniques-Privacy impact assessment-Guidelines. ISO/IEC, International Organization for Standardization (2016)
7. ICO (Information Commissioner’s Office): Conducting privacy impact assessments code of practice. ICO (2014). https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf
8. CNIL (Commission Nationale de l’Informatique et des Libertés): Privacy Impact Assessment: Methodology (how to carry out a PIA). CNIL (2015). http://www.cnil.fr/fileadmin/documents/en/CNIL-PIA-1-Methodology.pdf
9. Friedewald, M., Bieker, F., Nebel, M., Obersteller, H., Rost, M.: Datenschutz-Folgenabschätzung-Ein Werkzeug für einen besseren Datenschutz. Forum Privatheit und selbstbestimmtes Leben in der digitalen Welt, Karlsruhe (2016). https://www.forum-privatheit.de
10. Wright, D., Gellert, R., Bellanova, R., Gutwirth, S., Langheinrich, M., Friedewald, M., Hallinan, D., Venier, S., Mordini, E.: Privacy Impact Assessment and Smart Surveillance: A State of the Art Report, Deliverable 3.1 SAPIENT Project (2013). http://www.sapient-project.eu
11. Wadhwa, K., Rodrigues, R.: Evaluating privacy impact assessments. Innov. Eur. J. Soc. Sci. Res. 26(1-2), 161-180 (2013)
12. Wright, D., Friedewald, M., Gellert, R.: Developing and testing a surveillance impact assessment methodology. Int. Data Priv. Law 5(1), 40-53 (2015)
13. AK Technik der Konferenz der Datenschutzbeauftragten des Bundes und der Länder, Schulz, G., Rost, M.: Das Standard-Datenschutzmodell-der Weg vom Recht zur Technik: Ein Datenschutzwerkzeug für Aufsichtsbehörden und verantwortliche Stellen (2015). https://www.datenschutzzentrum.de/uploads/sdm/SDMTagungsband2015Hannover.pdf
14. Hansen, M., Jensen, M., Rost, M.: Protection goals for privacy engineering. In: 2015 International Workshop on Privacy Engineering (IWPE), Security and Privacy Workshops (SPW), pp. 159-166. IEEE (2015)
15. Rost, M., Pfitzmann, A.: Datenschutz-Schutzziele-revisited. DuD-Datenschutz und Datensicherheit 33, 353-358 (2009)
16. Rost, M., Bock, K.: Privacy by Design and the New Protection Goals, EuroPriSe Whitepaper (2011). https://www.european-privacy-seal.eu/AppFile/GetFile/ca6cdc46-d4dd-477d-9172-48ed5f54a99c
17. Hansen, M.: Top 10 mistakes in system design from a privacy perspective and privacy protection goals. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity 2011. IFIP AICT, vol. 375, pp. 14-31. Springer, Heidelberg (2012)
18. Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.H., Le Métayer, D., Tirtea, R., Schiffner, S.: Privacy and Data Protection by Design-from policy to engineering, ENISA (2014). https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design/atdownload/fullReport
19. Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security): BSI-Standard 100-2, IT-Grundschutz Methodology (2008). https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard 100-2epdf.pdf
20. Probst, T.: Generische Schutzmaßnahmen für Datenschutz-Schutzziele. DuD-Datenschutz und Datensicherheit 36, 439-444 (2012)