Privacy impact assessment – a privacy protection improvement model?

A Privacy Impact Assessment (PIA) is a systematic risk assessment tool that enables organizations to maintain compliance with data protection regulations, to manage privacy risks and to provide public benefits through the success of privacy-by-design efforts. A practical implementation of a PIA framework has been realized in the context of RFID applications, encompassing detailed steps for the PIA process; a first successful review has been completed. The PIA also allows the pro-active mitigation of privacy risks through technical and organizational controls. The better the precautionary measures realize the relevant privacy objectives, the less likely will occur with the PIA process afterwards. The recent proposal for a far-reaching revision of the EU Data Protection Directive envisages stating a specific requirement to implement a PIA process. Indeed, since risks for privacy and non-disclosure of personal data differ in non-identical circumstances, the protection measures should also differ, i.e. technology should assist in trying to achieve the (at least) second-best solution for the implementation of the data protection regime by a PIA. In this respect, privacy rules can be individualized and matched with the concrete needs in the given environment.

Metadata
Author:Rolf H. Weber
URN:urn:nbn:de:hebis:30:3-248978
Parent Title (English):25th IVR World Congress: Law, Science and Technology Frankfurt am Main 15–20 August 2011 ; Paper Series ; 039
Series (Serial Number):25th IVR World Congress: Law, Science and Technology Frankfurt am Main 15–20 August 2011 ; Paper Series (039)
Publisher:Goethe-Univ.
Place of publication:Frankfurt am Main
Document Type:Conference Proceeding
Language:English
Year of Completion:2012
Year of first Publication:2012
Publishing Institution:Universitätsbibliothek Johann Christian Senckenberg
Release Date:2012/06/26
Tag:Code-based regulation; Data Protection Directive; PIA process; PIA taxonomy; RFID applications; privacy-by-design; risk assessment; risk design; self-regulation
HeBIS-PPN:344414647
Institutes:Law / Law
Dewey Decimal Classification:3 Social sciences / 34 Law / 340 Law
Collections:University publications
Licence (German):Deutsches Urheberrecht