Author
Abstract
The first broad reform of personal data protection legislation in the European Union entered into force in May 2018 (Regulation (EU) 2016/679, the General Data Protection Regulation). Remarkably, with this reform a risk-based approach has been introduced as the core data protection enforcement model, while data protection authorities see their regulatory role significantly weakened. The risk-based approach is to be implemented by the data controllers (i.e. the operators) via data protection impact assessments (evoking the established environmental impact assessment procedure) and notification of breaches, among other procedures. Hence the scope of both the concepts of risk and risk regulation spread beyond conventional domains, namely the environment, public health or safety, i.e. physical risks, to encompass risks to intangible values, i.e. individual rights and freedoms, presumably harder to assess and manage. Strikingly, the reform has been accompanied by a confident discourse by EU institutions, and their avowed belief in the reform’s ability to safeguard the fundamental right to data protection in the face of evolving data processing techniques, specifically, big data, the Internet of Things, and related algorithmic decision-making. However, one may wonder whether there isn’t cause for concern in view of the way the risk-based approach has been designed in the data protection legislation. In this article, the risk-based approach to data protection is analysed in the light of the reform’s underlying rationality. Comparison with the risk regulatory experience in environmental law, particularly the environmental impact assessment procedure, is drawn upon to assist us in pondering the shortcomings, as well as the opportunities of the novel risk-based approach.
Suggested Citation
Maria Eduarda Gonçalves, 2020. "The risk-based approach under the new EU data protection regulation: a critical perspective," Journal of Risk Research, Taylor & Francis Journals, vol. 23(2), pages 139-152, February.
Handle: RePEc:taf:jriskr:v:23:y:2020:i:2:p:139-152
DOI: 10.1080/13669877.2018.1517381