Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Fundamental rights, the normative keystone of DPIA

: Hallinan, Dara; Martin, Nicholas


European data protection law review : Edpl 6 (2020), Nr.2, S.178-193
ISSN: 2364-2831
ISSN: 2364-284X
Fraunhofer ISI ()
data protection; privacy; GDPR; data protection impact assessment; DPIA; fundamental rights

The General Data Protection Regulation mandates that data controllers conduct a Data Protection Impact Assessment (DPIA) for certain processing activities. The core of the substance of the DPIA obligation requires that data controllers engage in ‘an assessment of the risks to the rights and freedoms of data subjects [posed by the processing operation]’. A common interpretation has emerged that this obligation only requires data controllers to engage in a ‘compliance assessment’: an assessment of the risks of processing considering the concrete provisions of the GDPR. This article takes issue with this interpretation and offers an elaborated conceptual argument supporting the following, alternative, position: the obligation that the DPIA risk assessment process include ‘an assessment of the risks to the rights and freedoms of data subjects’ requires data controllers to take the complete catalogue of rights and freedoms, outlined in foundational European fundamental rights instruments, as the key normative reference point for the DPIA risk assessment process.