‘an assessment of any actual or potential effects that an activity or proposal may have on individual privacy and the ways in which any adverse effects may be mitigated’;
• ‘a process. The fact of going through this process and examining the options will bring forth a host of alternatives which may not otherwise have been considered’;
• an approach and a philosophy that holds promise by instilling a more effective culture of understanding and practice within organisations that process personal data;
• a form of risk-assessment, which therefore cannot escape the uncertainties of identifying and estimating the severity and likelihood of the various risks that may appear, to privacy, life-chances, discrimination equality and so on;
• a tool for opening up the proposed technologies or applications to in-depth scrutiny, debate and precautionary action within the organisation(s) involved;
• like PETs, premised on the view that it is better to build safeguards in than to bolt them on;
• an early-warning technique for decision-makers and operators of systems that process personal information, enabling them to understand and resolve conflicts between their aims and practices, and the required protection of privacy above or the control of surveillance;
• ideally, a public document, leading to gains in transparency and in the elevation of public awareness of surveillance issues and dangers may be realised; in turn, it may assist regulatory bodies in carrying out their work effectively.
PIA should not be confused with compliance audits and the like, which are usually ex post facto and legally-oriented; as with environmental impact assessment, PIA assesses the likely impact of technology applications or new systems in the future, and considers a wider range of criteria.
Posts
No comments:
Post a Comment