References
- Article 29 Data Protection Working Party. 2017. Guidelines on data protection impact assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of regulation 2016/679, wp248rev.01. Accessed February 28, 2024. https://ec.europa.eu/newsroom/article29/items/611236
- Bieker, F., N. Martin, M. Friedewald, and M. Hansen. 2018. Data protection impact assessment: A hands-on tour of the GDPR’s most practical tool. In Privacy and identity management: The smart revolution, eds. M. Hansen, E. Kosta, I. Nai-Fovino, and S. Fischer-Hübner, 207–220. Cham: Springer.
- Boeckl, K., and N. Lefkovitz. 2020. NIST privacy framework: A tool for improving privacy through enterprise risk management, Version 1.0. Gaithersburg, MD: National Institute of Standards and Technology. doi:10.6028/NIST.CSWP.01162020.
- Brooks, S., M. Garcia, N. Lefkovitz, S. Lightman, and E. Nadeau. 2017. An introduction to privacy engineering and risk management in federal systems (NIST IR 8062). Gaithersburg, MD: National Institute of Standards and Technology. doi:10.6028/nist.ir.8062.
- Clarke, R. 2009. Privacy impact assessment: Its origins and development. Computer Law & Security Review 25 (2):123–135. doi:10.1016/j.clsr.2009.02.002.
- Clarke, R. 2011. An evaluation of privacy impact assessment guidance documents. International Data Privacy Law 1 (2):111–120. doi:10.1093/idpl/ipr002.
- Commission Nationale de l’Informatique et des Libertés. 2018. Privacy impact assessment (PIA). Accessed March 8, 2024. https://www.cnil.fr/en/PIA-privacy-impact-assessment-en.
- Cronk, R. J., and S. S. Shapiro. 2021. Quantitative privacy risk analysis. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS PW), 340–350. New York: IEEE.
- Data Protection Commission. 2019. Guidance note: Guide to data protection impact assessments. Accessed February 28, 2024. https://www.dataprotection.ie/en/dpc-guidance/guide-data-protection-impact-assessments
- Datenschutzkonferenz (Conference of the Independent Data Protection Supervisory Authorities of the Federation and the Länder). 2020. The Standard Data Protection Model Version 2.0b. Accessed February 28, 2024. https://www.datenschutzkonferenz-online.de/media/ah/SDM-Methode_V20b_EN.pdf.
- De Hert, P., and S. Gutwirth. 2006. Privacy, data protection and law enforcement: Opacity of the individual and transparency of power. In Privacy and the criminal law, eds. E. Claes, A. Duff, and S. Gutwirth, 61–104. Antwerp: Intersentia.
- De Hert, P., D. Kloza, and D. Wright (eds.). 2012. Recommendations for a privacy impact assessment framework for the European Union. Accessed February 28, 2024. https://zenodo.org/records/5141741.
- De, S. J., and D. L. Métayer. 2016. PRIAM: A privacy risk analysis methodology. In Data privacy management and security assurance, eds. G. Livraga, V. Torra, A. Aldini, F. Martinelli, and N. Suri, 221–229. Cham: Springer.
- Digital Health & Care Directorate. 2019. IGPACK template for DOC02b DPIA: Data protection impact assessment V201901. Accessed March 8, 2024. https://www.digihealthcare.scot/our-work/information-governance-and-assurance-branch/information-sharing-toolkit/the-is-toolkit-approach/.
- European Parliament and Council of the European Union. 2016. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (Text with EEA Relevance). Accessed February 29, 2024. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679&qid=1654983725537.
- Finn, R. L., D. Wright, and M. Friedewald. 2013. Seven types of privacy. In European data protection: Coming of age, eds. S. Gutwirth, R. Leenes, P. de Hert, and Y. Poullet, 3–32. Dordrecht: Springer.
- Hallinan, D., and M. Martin. 2020. Fundamental rights, the normative keystone of DPIA. European Data Protection Law Review 6 (2):178–193. doi:10.21552/edpl/2020/2/6.
- Hansen, M., M. Jensen, and M. Rost. 2015. Protection goals for privacy engineering. In 2015 IEEE security and privacy workshops, 159–166. Accessed February 29, 2024. https://ieeexplore.ieee.org/xpl/conhome/7160794/proceeding.
- Information and Privacy Commissioner of Ontario. 2015. Planning for success: Privacy impact assessment guide. Accessed February 29, 2024. https://www.ipc.on.ca/resource/planning-for-success-privacy-impact-assessment-guide/.
- Information Commissioner’s Office. 2018a. Data protection impact assessments. Accessed March 8, 2024. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/.
- Information Commissioner’s Office. 2018b. Examples of processing “Likely to result in high risk.” Accessed March 8, 2024. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/data-protection-impact-assessments-dpias/examples-of-processing-likely-to-result-in-high-risk/.
- International Organization for Standardization and International Electrotechnical Commission. 2017. ISO/IEC 29134:2017 Information technology - security techniques - guidelines for privacy impact assessment. Accessed February 29, 2024. https://www.iso.org/standard/62289.html.
- Kasper, D. V. S. 2005. The evolution (or devolution) of privacy. Sociological Forum 20 (1):69–92. doi:10.1007/s11206-005-1898.
- Koops, B. J., B. C. Newell, T. Timan, I. Škorvánek, T. Chokrevski, and M. Galič. 2017. A typology of privacy. University of Pennsylvania Journal of International Law 38:483–575.
- National Institute of Standards and Technology. 2019. NIST privacy risk assessment methodology (PRAM). Accessed Accessed February 29, 2024. https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/resources.
- Oetzel, M., and S. Spiekermann. 2014. A systematic methodology for privacy impact assessments: A design science approach. European Journal of Information Systems 23 (2):126–150. doi:10.1057/ejis.2013.18.
- Office for Personal Data Protection of the Czech Republic. 2018. List of processing operations subject to data protection impact assessment. Accessed February 29, 2024. https://edpb.europa.eu/sites/default/files/decisions/cz_dpia_list_354_cz_authority.pdf.
- Office of the Australian Information Commissioner. 2021. Guide to undertaking privacy impact assessments. Accessed February 29, 2024. https://www.oaic.gov.au/privacy/guidance-and-advice/guide-to-undertaking-privacy-impact-assessments.
- Office of the Privacy Commissioner. 2015. Privacy impact assessment toolkit. Accessed March 8, 2024. https://www.privacy.org.nz/publications/guidance-resources/privacy-impact-assessment/.
- Office of the Privacy Commissioner of Canada. 2020. Expectations: OPC’s guide to the privacy impact assessment process. Accessed February 29, 2024. https://www.priv.gc.ca/en/privacy-topics/privacy-impact-assessments/gd_exp_202003/.
- Office of the Victorian Information Commissioner. 2021. Privacy impact assessment guide. Accessed February 29, 2024. https://ovic.vic.gov.au/privacy/privacy-impact-assessment/.
- Organisation for Economic Co-operation and Development Council. 1980. Recommendation of the council concerning guidelines governing the protection of privacy and transborder flows of personal data. Accessed March 8, 2024. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0188.
- Personal Data Protection Commission. 2021. Guide to data protection impact assessments. Accessed February 29, 2024. https://www.pdpc.gov.sg/help-and-resources/2017/11/guide-to-data-protection-impact-assessments.
- Shapiro, S. S. 2021. Time to modernize privacy risk assessment. Issues in Science and Technology 38 (1):20–22.
- Solove, D. J. 2006. A taxonomy of privacy. University of Pennsylvania Law Review 154 (3):477–564. doi:10.2307/40041279.
- Solove, D. J. 2012. Introduction: Privacy self-management and the consent dilemma. Harvard Law Review 126:1880–1903.
- Van Landuyt, D., L. Sion, P. Dewitte, and W. Joosen 2020. The bigger picture: Approaches to inter-organizational data protection impact assessment. In Computer security (LNCS 12580), ed. I. Boureanu, 283–293. Cham: Springer.
- Van Puijenbroek, J., and J. Hoepman. 2017. Privacy impact assessments in practice: Outcome of a descriptive field research in the Netherlands. Accessed February 29, 2024. https://www.semanticscholar.org/paper/3974eb5ad8d40138e4f74a5d6929ed962b0656b9.
- Vemou, K., and M. Karyda. 2020. Evaluating privacy impact assessment methods: Guidelines and best practice. Information & Computer Security 28 (1):35–53. doi:10.1108/ICS-04-2019-0047.
- Warren, S. D., and L. D. Brandeis. 1890. Right to privacy. Harvard Law Review 4 (5):193–220. doi:10.2307/1321160.
- Wright, D. 2013. Making privacy impact assessment more effective. The Information Society 29 (5):307–315. doi:10.1080/01972243.2013.825687.
- Wright, D., R. Finn, and R. Rodrigues. 2013. A comparative analysis of privacy impact assessment in six countries. Journal of Contemporary European Research 9 (1):160–180. doi:10.30950/jcer.v9i1.513.