Approaches to Impact Assessment


Slide 1: Approaches to Impact Assessment
Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor in Cyberspace Law & Policy, UNSW, Sydney
Visiting Professor in Computer Science, ANU, Canberra
http://www.rogerclarke.com/sos/ia-1401 {.html,.pdf}
Impact Assessment Panels, CPDP'14, Brussels, 22 January 201

Slide 2: Agenda
1. Assessment Categories
   - Business Case Assessment
   - Risk Assessment
   - Technology Assessment
   - Social Impact Assessment
   - Compliance Assessment
2. Test Application to the EC's 'DPIA' Concept

Slide 3: Assessment Categories
Four foci, shown as a grid:
- Technology Focus
- Project or Proposal Focus
- Social Impact Focus
- Compliance Focus

Slide 4: Assessment Categories
- Technology Focus: RFID Tags / NFC Chips
- Project or Proposal Focus: T in clothes... T in anklets... T in people...
- Social Impact Focus: Impacts of the T or the P on some Asset(s) or Value(s)
- Compliance Focus: Consistency of the T or the P with some (quasi-)legal norm

Slide 5: Assessment Categories
- Technology Focus: Technology Assessment
- Project or Proposal Focus: Business Case Formation; Security Impact, aka Threat Risk Assessment (TRA)
- Social Impact Focus: Rights IA, Ethical IA, Surveillance IA, Privacy IA, Data Privacy IA
- Compliance Focus: (not yet filled in on this slide)

Slide 6: Business Case Methods
http://www.rogerclarke.com/ec/petsbuscase.html#bc

Slide 7: (Threat) Risk Assessment
- ISO 2700x
- NIST 800-30
- BSI 100-x
- etc.
Yesudas & Clarke, http://www.rogerclarke.com/EC/SG-FRA.html

Slide 8: Technology Assessment
"A scientific, interactive and communicative process, which aims to contribute to the formation of public and political opinion on societal aspects of science and technology"
European Parliamentary Technology Assessment (EPTA) network, http://www.eptanetwork.org/
The Key Scoping Factors:
- The Technologies Considered
- The Perspectives Reflected
- The Values Impinged Upon

Slide 9: Social Impact Assessment
- Rights IA: UDHR, ICCPR, ICESCR
- Ethical IA: Ethical Issues, Participative Design
- Surveillance IA: Many Values & Individuals/Groups/Society
- Privacy IA: All Dimensions of Privacy
- Data Privacy IA: Only the Data Privacy Dimension
The Dimensions of Privacy:
- The Physical Person
- Personal Data
- Personal Communications
- Personal Behaviour
- Personal Experience
http://www.rogerclarke.com/dv/intro.html#priv

Slide 10: APF's Meta-Principles for Privacy Protection
1. Evaluation
2. Consultation
3. Transparency
4. Justification
5. Proportionality
6. Mitigation
7. Controls
8. Audit
http://www.privacy.org.au/papers/ps-metap.html

Slide 11: Assessment Categories
- Technology Focus: Technology Assessment
- Project or Proposal Focus: Business Case Formation; Security Impact, aka Threat Risk Assessment (TRA)
- Social Impact Focus: Rights IA, Ethical IA, Surveillance IA, Privacy IA, Data Privacy IA
- Compliance Focus: Consistency of the T or the P with some (quasi-)legal norm

Slide 12: Regulatory Forms
A spectrum of regulatory forms:
- Statutes, Delegated Legislation
- Statutory Codes & Standards
- Industry Codes & Standards
- Customer Charters
Clarke & Bennett Moses, http://www.rogerclarke.com/sos/drones-ps.html#r

Slide 13: Assessment Categories
- Technology Focus: Technology Assessment
- Project or Proposal Focus: Business Case Formation; Security Impact, aka Threat Risk Assessment (TRA)
- Social Impact Focus: Rights IA, Ethical IA, Surveillance IA, Privacy IA, Data Privacy IA
- Compliance Focus:
  - Regulatory Compliance: Org'l Self-Regulation, Industry Self-Regulation, Co-Regulation, Formal Regulation
  - Privacy Law Compliance: All Statutes, Delegated Legislation, Common Law
  - Data Protection Law Compliance: An EU Directive, a Statute

Slide 14: Assessment Categories (as slide 13), with the added point:
Organisations are under a legal obligation to do this anyway!

Slide 15: The EC Data Protection Impact Assessment ('DPIA')
The Trigger (Art. 33.1, 33.2, 33.3): 'risks to the rights and freedoms of data subjects'...

Slide 16: The EC Data Protection Impact Assessment ('DPIA')
The Trigger (Art. 33.1, 33.2, 33.3): 'risks to the rights and freedoms of data subjects'...
'An assessment of the impact of the envisaged processing operations on the protection of personal data' (33.1).
Hence:
- not all five dimensions, and not even data privacy, but merely the sub-set that is subject to data protection
- not driven by social values, but just the minimalist: a mere Data Protection Law Compliance Assessment

Slide 17: The EC Data Protection Impact Assessment ('DPIA') (as slide 16), with the added points:
- Civil society's views are to be sought, but not reflected (33.4)
- Wide-ranging exemption for government agencies (33.5)
- Uncontrolled Commission power to create exceptions (33.6)

Slide 18: Agenda (as slide 2)
1. Assessment Categories
   - Business Case Assessment
   - Risk Assessment
   - Technology Assessment
   - Social Impact Assessment
   - Compliance Assessment
2. Test Application to the EC's 'DPIA' Concept

Slide 19: Approaches to Impact Assessment
Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor in Cyberspace Law & Policy, UNSW, Sydney
Visiting Professor in Computer Science, ANU, Canberra
http://www.rogerclarke.com/sos/ia-1401 {.html,.pdf}
Session on Impact Assessments, CPDP'14, Brussels, 22 January 201