The accountability principle in data protection regulation: Origin, development and future directions

Managing Privacy Through Accountability

Volumn , Issue , 2012, Pages 49-82

  Alhadeff, Joseph ^a   Van Alsenoy, Brendan ^b   Dumortier, Jos ^c  

^a ORACLE CORPORATION   (United States)

^b Faculty of Law ^*

^c Faculty of Law   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 85016755131     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1057/9781137032225_4     Document Type: Chapter

References (72)

1. Organisation for Economic Co-operation and Development (OECD), ‘Recommendation of the Council concerning Guidelines governing the protection of privacy and transborder flows of personal data’, 23 September 1980, available at http://www.oecd.org/document/18/0,3343, en_2649_34255_1815186_1_1_1_1,00.html. Accessed 30 November 2010.
2. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability’, WP 173, 13 July 2010, 3, available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp173_en.pdf. Accessed 8 February 2011.
3. European Commission, Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, ‘A comprehensive approach on personal data protection in the European Union’, November 2010, Brussels, COM(2010) 609 final, 12, available at http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf. Accessed 30 November 2010.
4. European Commission, Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, ‘A comprehensive approach on personal data protection in the European Union’, November 2010, Brussels, COM(2010) 609 final, 12, available at http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf. Accessed 30 November 2010 p. 11.
5. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability’, p. 3.
6. Centre for Information Policy Leadership (CIPL), ‘Data protection accountability: the essential elements a document for discussion,’ The Galway Project, 5-6 October 2009, available at http://www.huntonfiles.com/files/webupload/CIPL_Galway_Accountability_Paper.pdf. Accessed 20 November 2010;
7. P.M. Schwartz, ‘Managing global data privacy: cross-border information flows in a networked environment,’ a working paper by The Privacy Projects, October 2009;
8. Pearson and A. Charlesworth, ‘Accountability as a way forward for privacy protection in the cloud’ in Cloud Computing. First International Conference. CloudCom 2009, (eds) M. G. Jaatun, G. Zhao, and C. Rong (New York: Springer, 2009), pp.134-41.
9. C. Kuner, ‘Developing an adequate legal framework for international data transfers,’ in Reinventing Data Protection?, (eds) S. Gutwirth, Y. Poullet, P. De Hert, C. de Terwangne and S. Nouwt (Dordrecht: Springer Science+Business Media, 2009), pp. 263-73.
10. J. Koppell, ‘Pathologies of accountability: icann and the challenge of “multiple accountabilities disorder”,’ Public Administration Review, vol. 65 (2005):, pp. 94-9;
11. R. Mulgan, '“Accountability”: an everexpanding concept?,' Public Administration, 2000, vol. 78, pp. 555-6.
12. A. Sinclair, ‘The chameleon of accountability: forms and discourses,’ Accounting, Organizations and Society, 1995, vol.20, p. 219;
13. M. Bovens, ‘Analysing and assessing accountability: a conceptual framework,’ European Law Journal, 2007, vol. 13, p. 448.
14. Oxford English Dictionary. Second edition (1989) (online version accessed 3 March 2011; http://www.oed.com).
15. M. J. Dubnick, ‘Seeking salvation for accountability,’ Paper prepared for delivery at the 2002 Annual Meeting of the American Political Science Association, 29 August to 1 September 2002, Boston, pp. 1-2, available at http://mjdubnick.dubnick.net/papers/2002/salv2002.pdf. Accessed 28 November 2010.
16. M. J. Dubnick, ‘Seeking salvation for accountability,’ Paper prepared for delivery at the 2002 Annual Meeting of the American Political Science Association, 29 August to 1 September 2002, Boston, pp. 1-2, available at http://mjdubnick.dubnick.net/papers/2002/salv2002.pdf. Accessed 28 November 2010, p. 2.
17. S. Pearson and A. Charlesworth, ‘Accountability as a way forward for privacy protection, p. 134
18. P. Malone and B. Jennings, ‘Distributed accountability model for digital ecosystems’ in Second IEEE International Conference on Digital Ecosystems and Technologies (Phitsanulok: IEEE/IET Electronic Library (IEL), VDE VERLAG Conference Proceedings 2008, pp. 452-3.)
19. G. Miklau, B. Levine and P. Stahlberg, ‘Securing history: privacy and accountability in database systems’ (paper presented at 3rd Biennial Conference on Innovative Data Systems Research (CIDR), Asilomar, California, USA, 7-10 January 2007, p. 387. Online Proceedings: www.crdrdb.org.)
20. J.S. Lerner and P.E. Tetlock, ‘Accounting for the effects of accountability,’ Psychological Bulleti 1999, vol. 125, p. 255.
21. M. Bovens, ‘Analysing and assessing accountability: a conceptual framework,’ 449-50.
22. A. Sinclair, ‘The chameleon of accountability: forms and discourses,’ pp. 220-1;
23. R. Mulgan, '“Accountability”: an ever-expanding concept?,' pp. 555-6
24. M. Bovens, ‘Analysing and assessing accountability: a conceptual framework,’ p. 450.
25. M. Bovens, ‘Analysing and assessing accountability: a conceptual framework,’ p. 451;
26. R. Mulgan, '“Accountability”: an ever-expanding concept?,' p. 556;
27. A. Schedler, ‘Conceptualizing accountability’ in The Self-Restraining state: Power and Accountability in New Democracies, (eds) A. Schedler, L. J. Diamond and M. F. Plattner (Boulder: Rienner, 1999, p.16).
28. R. Mulgan, '“Accountability”: an ever-expanding concept?,' p. 556.
29. M. Bovens, ‘Analysing and assessing accountability: a conceptual framework,’ p. 452.
30. Office of the Auditor General of Manitoba, ‘Mechanisms and practices for ensuring the accountability of legislative auditors,’ p. 2, available at http:// www.oag.mb.ca/reports/Mechanisms-and-Practices.pdf. Accessed 3 April 2011.
31. A. Gray and W. I. Jenkins, Administrative Politics in British Government (Sussex: Whitesheaf books, 1985), pp. 137-9.
32. K. S. Selmer, ‘Realising data protection’ in 25 Years Anniversary Anthology in Computers and Law, (eds) J. Bing and O. Torvund (Oslo: TANO, 1995): p. 63.
33. P. De Hert and S. Gutwirth, ‘Privacy, data protection and law enforcement. Opacity of the individual and transparency of power,’ in, Privacy and the Criminal Law, (eds) E. Claes, A. Duff and S. Gutwirth (Antwerpen/Oxford: Intersentia, 2006), p. 77.
34. Explanatory Memorandum, at paragraph 62, available at http://www.oecd.org/document/18/0,3343, en_2649_34255_1815186_1_1_1_1,00. html#memorandum. Accessed 30 November 2010.
35. Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) (S.C. 2000, c. 5), available at http://laws.justice.gc.ca/PDF/Statute /P/P-8.6.pdf. Accessed 30 November 2010.
36. (Office of the Privacy Commissioner of Canada, ‘PIPEDA - A guide for businesses and organisations,’ 5 September 2009, available at http://www.priv.gc.ca/information/guide _ e.cfm # contenttop. Accessed 5 December 2010).
37. See clause 4.1.4 of Schedule 1 PIPEDA. The Office of the Privacy Commissioner of Canada has issued a self-assessment tool to help organisations evaluate and improve their personal information management systems and practices (available at http://www.priv.gc.ca/information /pub/ar-vr/pipeda_sa_tool_200807_e.pdf).
38. Office of the Privacy Commissioner of Canada, ‘PIPEDA - Processing Personal Data across Borders Guidelines,’ 2009, p. 8, available at http://www.priv.gc.ca /information/guide/2009/gl_dab_090127_e.pdf. Accessed 1 December 2010.
39. Electronic Commerce Steering Group (ECSG), ‘APEC Privacy Framework,’ 2005, available at http://publications.apec.org/publication-detail.php?pub_ id=390. Accessed 5 December 2010.
40. Electronic Commerce Steering Group (ECSG), ‘APEC data privacy pathfinder projects implementation work plan’, 2008/SOM1/ECSG/024, 2008, p. 1 available at http://www.apec.org/Home/Groups/Committee-on-Trade-and-Investment/Electronic-Commerce-Steering-Group. Accessed 5 December 2010.
41. Electronic Commerce Steering Group (ECSG), ‘APEC data privacy pathfinder projects implementation work plan,’ p. 1. A complete overview of the Implementation Workplan of the APEC Data Privacy Pathfinder projects can be found at http://www.apec.org/Home /Groups/Committee-on-Trade-and-Investment/Electronic-Commerce-Steering-Group Accessed 9 November 2011.
42. http://ec.europa.eu/justice/policies /privacy/docs/wpdocs/2003/wp74_en.pdf. Accessed 5 December 2010.
43. P. J. Bruening, ‘APEC roundup: update on accountability agents in implementation of the apec framework, development of pathfinder projects, more,’ Privacy & Security Law 9, 2010, pp. 3-4.
44. Electronic Commerce Steering Group (ECSG), ‘APEC data privacy pathfinder projects implementation work plan,’ p. 1.
45. CIPL, ‘Data protection accountability: the essential elements a document for discussion,’ pp. 5-6.
46. CIPL, ‘Data protection accountability: the essential elements a document for discussion,’ p. 8.
47. CIPL, ‘Demonstrating and measuring accountability - a discussion document,’ The Paris Project, 3 October 2010, available at http:// www.huntonfiles.com/files/webupload/CIPL_Accountability_Phase_II_ Paris_Project.PDF. Accessed 20 November 2010.
48. CIPL, ‘Demonstrating and measuring accountability - a discussion document,’ pp. 6-7.
49. International Conference of Data Protection and Privacy Commissioners, ‘Resolution calling for the organisation of an intergovernmental conference with a view to developing a binding international instrument on privacy and the protection of personal data,’ Jerusalem, Israel, 27-29 October, 2010, available at http://www.justice.gov.il/NR/rdonlyres/F8A79347-170C-4EEF-A0AD-155554558A5F/26499/ResoutiononInternationalConference.pdf. Accessed 5 December 2010.
50. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability,’ p. 2.
51. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability,’ paragraph 34.
52. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability,’ paragraph 30.
53. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability,’ paragraph 30.
54. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability,’ paragraph 42.
55. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability, paragraph 50.
56. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability, paragraph 44-5.
57. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability, paragraph 50.
58. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability, paragraph 55.
59. M. Crompton, ‘The Australian Dodo case: an insight for data protection regulation,’ World Data Protection Report 9, 2009, pp. 5-9.
60. Thomas to N. Robinson, H. Graux, M. Botterman and L. Valeri, ‘Review of EU Data Protection Directive: Summary,’ 2 May 2009, available at http:// www.ico.gov.uk/upload/documents/library/data_protection/detailed_ specialist_guides/review_of_eu_dp_directive_summary.pdf. Accessed 3 May 2010.
61. Article 29 Data Protection Working Party, ‘Opinion 3/2010 on the principle of accountability,’ paragraph 26.
62. C. Bennet, ‘International privacy standards: can accountability be adequate?,’ Privacy Laws and Business International, 2010, vol. 106, pp. 21-3.
63. C. Bennet, ‘International privacy standards: can accountability be adequate?,’ Privacy Laws and Business International, 2010, vol. 106, p. 60.
64. C. Bennet, ‘International privacy standards: can accountability be adequate?,’ Privacy Laws and Business International, 2010, vol. 106, paragraph 65.
65. Article 29 Data Protection Working Party, ‘Opinion 1/2010 on the concepts of “controller and “processor”,’ WP169, 16 February 2010, 4, available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp169_ en.pdf. Accessed 3 March 2010.
66. “A comprehensive approach on personal data protection in the European Union”,' paragraph 99, available at http: //www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents /Consultation/Opinions/2011/11-01-14_Personal_Data_Protection_EN.pdf. Accessed 10 December 2010.
67. C. Kuner, ‘Regulation of transborder data flows under data protection and privacy law: past, present, and future,’ TILT (Tilburg Institute for Law, Technology and Society) Law & Technology Working Paper Series, 16, available at http://www.tilburguniversity.edu/research/institutes-and-research-groups /tilt/publications/workingpapers/ckuner16.pdf. Accessed 3 March 2011.
68. ‘Model Contracts for the transfer of personal data to third countries,’ European Commission DG Justice, accessed 20 December 2010, http: //ec.europa.eu/justice/policies/privacy/modelcontracts/index_en.htm.
69. Article 29 Data Protection Working Party, ‘Working Document: Transfers of personal data to third countries: Applying article 26 (2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers,’ WP 74, 7 June 2003, available at http://ec.europa.eu/justice/policies /privacy/docs/wpdocs/2003/wp74_en.pdf. Accessed 20 December 2010.
70. Article 29 Data Protection Working Party, ‘Working Document: Transfers of personal data to third countries: Applying article 26 (2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers,’ WP 74, 7 June 2003, available at http://ec.europa.eu/justice/policies /privacy/docs/wpdocs/2003/wp74_en.pdf. p. 3.
71. ‘Overview - BCR,’ European Commission DG Justice, http://ec.europa. eu/justice/policies/privacy/binding_rules/index_en.htm. Accessed 20 December 2010.
72. C. Kuner, ‘Developing an adequate legal framework for international data transfers,’ pp. 263-73.