In line with an established tradition that the members of VUB-LSTS partake in the Internationales Rechtsinformatik Symposion IRIS, our Brussels Laboratory for Data Protection & Privacy Impact Assessments (d.pia.lab) will organise – at the upcoming, 21st edition of the IRIS conference – a panel dedicated to the automation of privacy- and data protection impact assessments. The panel will take place on Friday, 23 February 2018 from 16:00 till 17:30 in Salzburg, Austria and will be held in English.
It is well known that the new legal framework for personal data protection in the European Union, applicable from May 2018, brings to the fore a plethora of novel solutions aiming, inter alia, at better safeguarding the interests of individuals whenever their personal data are being handled. One of these novelties is an obligation imposed on data controllers to conduct a data protection impact assessment (DPIA) for those processing operations that could present a “high risk” to the “rights and freedoms of natural persons”. Despite these novelties still posing questions as to their practical application, they already have caused development of dedicated guidance material, templates, tools, etc. – all aimed at making possible and facilitating their usage, including the conduct of a DPIA.
Amongst these, in particular, we have recently observed a proliferation of automated tools for conducting a DPIA. Various software developers have already offered to diverse clients varied pieces of software that – upon being fed with some descriptions, etc. – would help making an analysis of the intended processing operations and often recommend measures to lower the level of risk to the individuals, maximize benefits or even – if possible – to eliminate negative consequences entirely. These tools merit academic attention not only because of their novel character, uncharted potential or vulnerabilities, doubts about their quality and effectiveness, but – more importantly – because their usage has ramifications for the level of protection of individual interests. Thus there is a need to evaluate the extent to which these tools can contribute, if ever, to offering such a protection.
To that end, we want to explore some of the existing software for conducting DPIAs and – more broadly – privacy impact assessments (PIAs). In preparation for this panel, we have invited a number of software developers to make their tools available to us in advance, for analysis and testing. Having done so, we come to this interactive panel with observations, questions, and comments, which we will deliver and discuss right after these invited developers have presented their tools. A discussion with the public will follow.
The following software developers have kindly accepted our invitation: Georg Philip Krog (Signatu, NO), Michele Marrali (Studio Storti, IT), Erwin Rigter (Privacy Company, NL) and Robert Sindlinger (OneTrust, DE). The panel will be chaired by d.pia.lab members Dariusz Kloza and István Böröcz as well as Marco Giacalone (VUB-LSTS).
Registration is still available under this link.