摘要:The European Commission is revising the EU’s data protection framework. One of the changes concerns privacy impact assessment (PIA). This paper argues that the European Commission and the EU Member States should draw on the experience of other countries that have adopted PIA policies and methodologies to construct its own framework. There are similarities and differences in the approaches of Australia, Canada, Ireland, New Zealand, the UK and US, the countries with the most experience in PIA. Each has its strong points, but also shortcomings. Audits have identified some of the latter in the instance of Canada. This paper provides a comparative analysis of the six countries to identify some of the best elements that could be used to improve Article 33 in European Commission’s proposed Data Protection Regulation.
关键词:privacy impact assessment; data protection impact assessment; compliance check; stakeholder consultation; risk management; Data Protection Regulation