Data Protection Impact Assessments: A Meta-Regulatory Approach
Reuben Binns. Information Privacy Law eJournal, journal article, published 2016-12-13. DOI: 10.1093/IDPL/IPW027 (https://doi.org/10.1093/IDPL/IPW027)
• Privacy and Data Protection Impact Assessments (PIAs/DPIAs) are tools for organisations to manage privacy risks. They emerged in various jurisdictions from the 1980s, initially as a purely voluntary measure. DPIAs are now set to become a mandatory requirement in certain circumstances under the European General Data Protection Regulation (GDPR). This article addresses impact assessments from the perspective of regulatory theory. Their transition from a voluntary tool to a mandatory requirement raises questions about their purpose and role, as well as implications for the direction of data protection in Europe more generally.
• Previous analyses have tended to assess such impact assessments in relation to a limited set of regulatory categories, namely self-regulation, command-and-control regulation, or some form of 'co-regulation'. Drawing from regulatory theory, this article suggests a more nuanced account of the mandatory impact assessment regime outlined in the GDPR.
• It argues that this regime can be understood as a form of 'meta-regulation'. The final section draws on a framework for assessing the prospects of meta-regulation, in order to assess the prospects for a meta-regulatory approach to impact assessments.