The Many Shades of Impact Assessments

The Many Shades of Impact Assessments

Data protection by design is one of the cornerstones of the reform that led to the adoption of the GDPR. Yet, the very nature of that obligation, coupled with the broad wording used by the EU legislator, makes substantiating data protection by design particularly complex. This paper is the second pa...

Full description

Saved in:
Bibliographic Details
Published in:Technology and Regulation Vol. 2024
Main Author: Pierre Dewitte
Format: Journal Article
Language:English
Published: openjournals.nl 01-09-2024
Subjects:
Accountability
Case law review
Data protection by design
decisions repository
GDPR
Responsibility
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Data protection by design is one of the cornerstones of the reform that led to the adoption of the GDPR. Yet, the very nature of that obligation, coupled with the broad wording used by the EU legislator, makes substantiating data protection by design particularly complex. This paper is the second part a two-paper series that explores the intricacies of Article 25(1) GDPR. While the first entry delved into the history and role of data protection by design, this paper aims to clarify the material scope of that provision. It does so by analysing the three core components of Article 25(1) GDPR in light of the findings of a case law review spanning 177 administrative and judicial decisions issued by 26 supervisory authorities in 24 countries between the entry into force of the GDPR and 31 December 2023. That process exposed the role of data protection by design as a proxy to Fundamental Rights Impact Assessments and shed light on its added value in guaranteeing the flexibility and future-proofness of the Regulation.
ISSN:2666-139X
DOI:10.26116/techreg.2024.018