The Stakes and Challenges
Example: The European regulation project for the protection of personal data
On a European level, the potential regulatory evolution concerning
privacy protection during data processing is an example of the
much-needed adaptation of the legal framework. This European
regulation project on data protection introduces the notions of
“Privacy By Design” and of “Privacy Impact Assessment”. These
approaches will be made obligatory, in theory, in 2016 across the
European Union:
• “Privacy by design” is an approach that takes privacy into account
throughout the whole conception process;
• The “Privacy Impact Assessment” will require businesses to
analyse their impact on user privacy. These analyses will have
to be carried out by the Data Privacy Officer, but also by the
Chief Information Officer (CIO), before starting certain risky data
processing operations, i.e. when processing sensitive data (to do
with health, ethnicity, politics…).
The goal is to evaluate the risks associated with protecting the
privacy of individuals (for example in behavioural marketing,
biometrics and the Internet of Things).