Certification as guidance for data protection by design

References

• Age Check. 2020. “Technical Requirements for Age Estimation Technologies (ACCS 1:2020).” www.accscheme.com/media/inahwyup/accs-1-2020-technical-requirements-for-age-estimation-technologies.pdf.
   Google Scholar
• Age Check. 2021. “Technical Requirements for Age Appropriate Design for Information Society Services (ACCS 3: 2021).” ico.org.uk/for-organisations/certification-schemes-register/a-h.
   Google Scholar
• Al-Sharieh, Saleh, Nikolaus Forgó, Jeanne Pia Mifsud Bonnici, Iheanyi Nwankwo, and Kai Wendt. 2018. “Securing the Person and Protecting the Data: The Requirement and Implementation of Privacy by Design in Law Enforcement ICT Systems.” In Changing Communities, Changing Policing, edited by Jeanne Pia Mifsud Bonnici, and Joseph Canatacci, 172–191. Austria: NWV Verlag.
   Google Scholar
• Bygrave, Lee A. 2017. “Data Protection by Design and by Default : Deciphering the EU’s Legislative Requirements.” Oslo Law Review 4 (3): 105–120. https://doi.org/10.18261/issn.2387-3299-2017-02-03.
   Google Scholar
• Bygrave, Lee A. 2020. “Article 25. Data Protection by Design and by Default.” In The EU General Data Protection Regulation: A Commentary, edited by Christopher Kuner, Lee A. Bygrave, and Christopher Docksey, 571–581. New York: Oxford University Press.
   Google Scholar
• CISPE (Cloud Infrastructure Service Providers Europe). 2021. “Data Protection Code of Conduct for Cloud Infrastructure Service Providers.” https://www.codeofconduct.cloud/the-code/.
   Google Scholar
• CNPD (Commission Nationale pour la Protection des Données). 2022a. “GDPR Certified Assurance Report Based Processing Activities Certification Criteria (GDPR-CARPA).” Version 1. https://cnpd.public.lu/content/dam/cnpd/fr/professionnels/certification/decision-n-15-2022-du-13-mai-2022-criteres-de-certification.pdf.
   Google Scholar
• CNPD (Commission Nationale pour la Protection des Données). 2022b. “The CNPD Adopts the Certification Mechanism ‘GDPR-CARPA’.” CNPD. Accessed June 5, 2023. https://cnpd.public.lu/en/actualites/national/2022/06/adpoption-gdpr-carpa.html.
   Google Scholar
• Craig, Paul. 2018. EU Administrative Law. 3rd ed. New York: Oxford University Press.
   Google Scholar
• EDPB (European Data Protection Board). 2019. “Guidelines 1/2018 on Certification and Identifying Certification Criteria in Accordance with Articles 42 and 43 of the Regulation.” Version 3. https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-12018-certification-and-identifying_en.
   Google Scholar
• EDPB (European Data Protection Board). 2020. “Guidelines 4/2019 on Article 25 Data Protection by Design and by Default (Version 2).” edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-42019-article-25-data-protection-design-and_en.
   Google Scholar
• EDPB (European Data Protection Board). 2021. “Opinion 17/2021 on the Draft Decision of the French Supervisory Authority Regarding the European Code of Conduct Submitted by CISPE.” edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-172021-draft-decision-french-supervisory_en.
   Google Scholar
• EDPB (European Data Protection Board). 2022a. “Opinion 1/2022 on the Draft Decision of the Luxembourg Supervisory Authority Regarding the GDPR-CARPA Certification Criteria.” edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-12022-draft-decision-luxembourg_en.
   Google Scholar
• EDPB (European Data Protection Board). 2022b. “Opinion 25/2022 Regarding the EuroPriSe Certification Criteria for the Certification of Processing Operations by Processors.” edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-252022-regarding-european-privacy-seal_en.
   Google Scholar
• EDPB (European Data Protection Board). 2022c. “Opinion 28/2022 on the Europrivacy Criteria of Certification Regarding Their Approval by the Board as European Data Protection Seal Pursuant to Article 42.5.” edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-282022-europrivacy-criteria-certification_en.
   Google Scholar
• EDPB (European Data Protection Board). 2022d. “The CNPD Adopts the Certification Mechanism GDPR-CARPA.” EDPB. https://edpb.europa.eu/news/national-news/2022/cnpd-adopts-certification-mechanism-gdpr-carpa_en.
   Google Scholar
• EDPB (European Data Protection Board). 2023. “EDPB Document on the procedure for the adoption of the EDPB opinions regarding national criteria for certification and European Data Protection Seals.” https://edpb.europa.eu/our-work-tools/our-documents/procedure/edpb-document-procedure-adoption-edpb-opinions-regarding_en.
   Google Scholar
• EU Commission. 2012. “Proposal for a Regulation of the Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.” COM (2012) 11 Final.
   Google Scholar
• EuroPriSe (European Privacy Seal). 2022a. “Criteria for the Certification of Processing Operations by Processors.” Version 3. www.euprivacyseal.com/certification-schemes/scheme-for-processors.
   Google Scholar
• EuroPriSe (European Privacy Seal). 2022b. “Europrise Cert Gmbh is the First Private Company in the EU With Certification Criteria Approved by the Competent Supervisory Authority.” EuroPriSe. https://www.euprivacyseal.com/europrise-cert-gmbh-is-the-first-private-company-in-the-eu-with-certification-criteria-approved-by-the-competent-supervisory-authority/.
   Google Scholar
• Europrivacy. 2022. “EuroPrivacy GDPR Core Criteria.” https://community.europrivacy.com/europrivacy-gdpr-core-criteria/.
   Google Scholar
• Garante per la Protezione dei Dati Personali. 2023. “Artificial Intelligence: Stop to ChatGPT by the Italian SA Personal Data Is Collected Unlawfully, No Age Verification System Is in Place for Children’.” Garante per la Protezione dei Dati Personali. www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9870847#english.
   Google Scholar
• Hildebrandt, Mireille. 2008. “Legal and Technological Normativity.” Techné: Research in Philosophy and Technology 12 (3): 169–183. https://doi.org/10.5840/techne20081232.
   Google Scholar
• Kamara, Irene, and Paul De Hert. 2018. “Data Protection Certification in the EU: Possibilities, Actors and Building Blocks in a Reformed Landscape.” In Privacy and Data Protection Seals, edited by Rowena Rodrigues, and Vagelis Papakonstantinou, 7–34. The Hague, The Netherlands: Asser Press.
   Google Scholar
• ISO (International Organization for Standardization). 2019. ISO/IEC 27701:2019”.
   Google Scholar
• ISO (International Organization for Standardization). 2022. “ISO/IEC 27001:2022.” Latest Version.
   Google Scholar
• ISO (International Organization for Standardization). 2022. “ISO/IEC 27002:2022.” Latest Version.
   Google Scholar
• ISO (International Organization for Standardization). 2022. “ISO/IEC 27005:2022”.
   Google Scholar
• ISO (International Organization for Standardization). 2023. “ISO 31700:2023”.
   Google Scholar
• Jasmontaite, Lina, Irene Kamara, Gabriela Zanfir-Fortuna, and Stefano Leucci. 2018. “Data Protection by Design and by Default:.” European Data Protection Law Review 4 (2): 168–189. https://doi.org/10.21552/edpl/2018/2/7.
   Google Scholar
• Koščík, Michal, and Matěj Myška. 2018. “Data Protection and Codes of Conduct in Collaborative Research.” International Review of Law, Computers & Technology 32 (1): 141–154. https://doi.org/10.1080/13600869.2018.1423888.
   Google Scholar
• Koulierakis, Efstratios. 2022. “The Challenge of Incorporating Legal Rules Into Digital Applications: A Theoretical Exploration of Article 25 GDPR.” ILLYRIUS International Scientific Review 18 (1): 35–46.
   Google Scholar
• Kuner, Christopher, Fred H. Cate, Christopher Millard, Dan Jerker, B. Svantesson, and Orla Lynskey. 2015. “Risk Management in Data Protection.” International Data Privacy Law 5 (2): 95–98. https://doi.org/10.1093/idpl/ipv005.
   Google Scholar
• Lachaud, Eric. 2020. “ISO/IEC 27701 Standard: Threats and Opportunities for GDPR Certification.” European Data Protection Law Review 6 (2): 194–210. https://doi.org/10.21552/edpl/2020/2/7.
   Google Scholar
• Leenes, Ronald. 2019. “Regulating New Technologies in Time of Change.” In Regulating New Technologies in Uncertain Times, edited by Leonie Reins. Berlin: Asser.
   Google Scholar
• Michelakaki, Christina, and Sebastião Barros Vale. 2023. Unlocking Data Protection by Design and by Default: Lessons from Enforcement of Article 25 GDPR. Future of Privacy Forum. https://fpf.org/wp-content/uploads/2023/05/FPF-Article-25-GDPR-A4-FINAL-Digital.pdf.
   Google Scholar
• Rodrigues, Rowena, David Barnard-Wills, Paul De Hert, and Vagelis Papakonstantinou. 2016. “The Future of Privacy Certification in Europe: An Exploration of Options Under Article 42 of the GDPR.” International Review of Law, Computers & Technology 30 (2): 248–270. https://doi.org/10.1080/13600869.2016.1189737.
   Google Scholar
• Senden, Linda. 2004. Soft Law in European Community Law. Portland, Oregon: Hart Publishing.
   Google Scholar
• UK ICO (Information Commissioner’s Office). n.d. “Age Appropriate Design Certification Scheme (AADCS).” ICO. Accessed September 11, 2023. https://ico.org.uk/for-organisations/advice-and-services/certification-schemes/certification-scheme-register/age-appropriate-design-certification-scheme-aadcs/.
   Google Scholar