Guidelines on Privacy Impact Assessment in e-Government Projects
The purpose of these guidelines is to present Privacy Impact Assessment as an identification, analysis and risk-reduction tool for the lawful processing of personal data within the scope of e-Government development strategy implementation.
The target audiences of these guidelines are policy-makers, personal data controllers, service developers, providers of information and communication technologies as well as other stakeholders in e-Government development strategies.
Guidelines on Privacy Impact Assessment for the Introduction of new Police Powers
The main purpose of these guidelines is to provide a tool that law enforcement policy makers can use when introducing new police powers, particularly those entailing the use of technical measures. This tool will aid in conducting a thorough privacy impact analysis (PIA), help in assessing the necessity, adequacy, effectiveness and proportionality of the new measures, allow for due public debate on the subject, and assist in providing adequate safeguards against serious infractions of fundamental constitutional rights.
These guidelines are intended for law enforcement, the Office of the Attorney General, the Ministry of Justice and the general public.
CNIL releases its guide concerning privacy impact assessments
Following the agreement reached between the Council, Commission and Parliament on 15 December, useful new mechanisms are starting to be released.
The European Union Agency for Network and Information Security (ENISA) issued a document titled Privacy and Data Protection by Design – from policy to engineering, which outlines the effort made by EU data protection authorities, especially the Commission Nationale de l’Informatique et des Libertés (CNIL). In this regard, the CNIL published a guide for carrying out Privacy Impact Assessments (hereinafter PIAs), in accordance with Article 34 of the French Data Protection Act and the forthcoming paragraph 1 of Article 23 GDPR, to help data controllers implement Privacy by design.
The method aims to help data controllers implement Privacy by design. To that end, the CNIL issued a much more efficient method, which is composed of two guides. On the one hand, the methodological approach document explains how to carry out PIAs, describing how to use the EBIOS method in the specific context of personal data protection. On the other hand, the tools document (templates and examples) analyses every specific tool, such as tools for the context study, tools for the controls study, tools for the risk study and tools for validating the PIA.
Ultimately, the manual issued by the CNIL stresses two basic pillars regarding PIAs. Firstly, the fundamental principles and rights, which are “non-negotiable”, fixed by law and have to be complied with. Secondly, Privacy Risk Management, which is used to govern the satisfactory technical and organizational controls that protect personal data.