The presentation summarises the findings from a recent paper on technology foresight by EU data protection authorities, based upon research conducted in PHAEDRA II, a project dedicated to supporting better collaboration between those authorities.
Neo4j_Jesus Barrasa_The Art of the Possible with Graph.pptx.pdf
Phaedra II Technology foresight, 17 Nov 2016
1. The technology foresight
activities of European Union data
protection authorities
Dr David Barnard-Wills
Senior Research Analyst
David.barnard-
wills@trilateralresearch.com
2. PHAEDRA Project Overview
• PHAEDRA (2013-2014)
• Improving practical cooperation
and coordination between Data
Protection Agencies (DPAs),
Privacy Commissioners (PCs) and
Privacy Enforcement Authorities
(PEAs) around the world,
especially in regard to the
enforcement of privacy and data
protection laws.
• PHAEDRA II (2015-2017)
• Identify, develop and recommend
measures for improving practical
co-operation between European
Data Protection Authorities
(DPAs).
– focused on the challenges for co-
operation arising from the reform of
the European data protection
framework and from the EU
framework in force.
– The project will tackle three of the
biggest challenges facing European
DPAs:
• ensuring consistency
• sharing different types of
information (including confidential
information) and
• co-ordination and co-operation
regarding enforcement actions.
http://www.phaedra-project.eu/
4. The new paper maps the technology foresight activities of European DPAs :
the ways in which these organisations try to
understand new technologies and their
potential impacts upon data protection.
The paper also covers:
• The importance of this activity to their work,
• The current types of foresight activity and extent to which such activities are
performed in isolation or collaboration.
• The particular challenges they face,
• The potential for a collaborative EU DPA technology foresight task force.
5. • Technology foresight supports DPA activities
and roles
– Prepares for future enforcement actions
– Anticipate data protection concerns
– Allows earlier intervention in design, e.g. Privacy
by design
– Support new GDPR role in data protection impact
assessments
– Informs education strategies
– Guides assessment of adequacy of existing policy
environment.
6. • Technology foresight activities are highly variable
amongst EU DPAs
– Not an explicitly mandated task (until GDPR art 57(i))
– Includes studies, reports, expert panels, blogs
research collaboration
– Often ad-hoc, conducted by interested staff or in
response to particular cases
– Some larger DPAs do have dedicated technology
teams and formal foresight activities
– Some international collaboration
• Article 29 Working Party Technology sub-group
• Berlin group
7. • Emerging technologies (such as drones, the
Internet of Things and big data) demonstrate
the specific challenges of DPA foresight
– The need for domain expertise in technologies
– Understanding the capabilities and affordances of
technologies
• Separating hype from reality
– Understanding when new technologies are a
disruptive shift from previous existing
technologies
– Understanding cumulative impact of technologies
(e.g. Drones + big data).
8. • A dedicated foresight task force of EU DPAs offers substantial
benefits
– Establishing regular channels of communication between DPAs
facing same new technologies,
– Shared learning,
– Clearing house for national-level foresight
– Increased professionalization of data protection technology
foresight,
– Clear guidance for industry, applicable across EU,
– Pooling of resources for more in-depth investigation and
research on new technologies
– Larger scale consultation and stakeholder participation become
possible.
– Contribution to forensic investigations where a capacity gap
9. • A dedicated foresight task force of EU DPAs would require:
– The opportunity provided by the GDPR.
– Contributions of resources and personnel to be negotiated and
agreed.
– Composed in a manner that retains independence of DPAs
– Combination of IT specialists and experts from other fields (law,
social sciences) and ideally with experience across DPA
operations
– Strong communication between task force, EDPB, and national
DPAs.
– Mandate and “horizons” collectively agreed upon by contributing
parties.
– Identification of role in comparison (and collaboration) with
parliamentary technology assessment agencies and networks.
10. Resources
PHAEDRA II Deliverable D2.2: Barnard-Wills, David and Vagelis
Papakonstantinou, Best Practices for cooperation between EU DPAs, London-
Brussels-Warsaw-Castellón, February 2016, 74 pp. [public version] available from:
http://www.phaedra-project.eu/deliverables-2/
Barnard-Wills, D. “The technology foresight activities of European Union
data protection authorities”, Technological Forecasting & Social Change.
2016
http://www.sciencedirect.com/science/article/pii/S0040162516305571