Link:Presentation of David Wright

advertisement
Privacy impact assessment:
an instrument for transparency and
building trust in e-government services
David Wright
Managing Partner
Trilateral Research & Consulting
Brussels, 19 Feb 2013
1
Outline
•
•
•
•
•
Introduction: The promises of e-government
A right to know and assess privacy impacts
What is a privacy impact assessment?
Benefits of PIAs
Recommendations for MEPs
2
The promise of e-government
•
•
•
•
better service delivery to citizens
empowerment of the people
access to information and
participation in public policy decision-making
But the reality is
• cost savings for government
• fewer administrative burdens
• reduced work-process time
3
Governments are interested
in e-government
• … and have been spending accordingly
• But the promises of e-government have not
been fulfilled as quickly as expected
• The adoption and take-up of e-government has
been rather slow
• Why?
4
Factors affecting the uptake
of e-government
• National culture (some people are more risk averse than
•
•
•
•
•
others)
User friendliness of services
Perceived advantages to citizens (not that great)
Inadequate infrastructure
Poor understanding of people’s needs
Government agencies do not engage citizens in the
development of e-government services
• Lack of trust
• Citizens’ growing awareness that these technologies can
intrude upon their privacy
5
A right to know
and assess privacy impacts
• People have a right to know if new
technologies or services will intrude upon
their privacy
• just as they have a right to know about the
quality of the water they drink
• or the impact upon the environment of a
new chemical production factory.
6
PIA gives practical force
to the right to know
• “PIA remains the most comprehensive model in place to
assess the effects of federal initiatives on an individual’s
privacy” – Jennifer Stoddart
• PIA is a way of engaging citizens in the assessment of new
services potentially impacting privacy.
• It is a way of improving transparency.
• PIA is mandatory (like food product labelling) in Canada,
US,UK
• Other countries strongly encourage use of PIA
7
What is PIA?
• a process for assessing the impacts on privacy of
a project, technology, service, policy or other
initiative and, in consultation with stakeholders, for
taking remedial actions as necessary in order to
avoid or minimise the negative impacts.
• A PIA is about identifying risks and finding
solutions, not simply producing a report that
demonstrates compliance.
8
Various PIA methodologies and policies
• PIAF project aimed to develop an “optimised” PIA for
Europe
• Reviewed methodologies in Australia, Canada, New
Zealand, HK, Ireland, US,UK
• Surveyed EU DPAs
• Workshops, final report with recommendations
9
PIA benefits
• The costs of fixing a project at the planning stage will be a
•
•
•
•
•
fraction of those incurred later on.
PIA helps an organisation to avoid costly or embarrassing
privacy mistakes.
PIA can help to reduce or even eliminate any liability,
negative publicity and loss of reputation.
PIA enhances informed decision-making.
PIA is a way to gain the public’s trust and confidence that
privacy has been built into the design of e-government
services.
Trust is built on transparency, and a PIA is a disciplined
process that promotes open communications, common
understanding and transparency.
10
Article 33 is quite good
• It is risk-based, cites examples of risk.
• It makes data protection impact assessment (DPIA)
mandatory.
• It specifies what the DPIA report shall contain.
• Art. 33 (4) obliges the data controller to seek the
views of data subjects.
• It holds out the prospect of audits of PIAs.
• But it could be improved…
11
Recommendations for MEPs
•
PIA should be “required for such processing operations even
on a small scale”.
• PIA vs DPIA – DPIA sends the wrong message.
• Cite benefits of PIA in the recitals.
• Encourage publication of the PIA report (if necessary,
redacted).
• Oblige audit of the PIA.
• Oblige organisations to keep a public, easily discovered
registry of their PIA reports.
12
That’s all!
david.wright@trilateralresearch.com
www.trilateralresearch.com
13
Download