Monday 21 November 2016

technology foresight activities of EU data protection authorities.



My most recent article, "The technology foresight activities of European Union data protection authorities" has been published online first in the peer-reviewed journal Technological Forecasting & Social Change. 

The paper maps the technology foresight activities of European DPAs - the ways in which these organisations try to understand new technologies and their potential impacts upon data protection. The paper also covers the importance of this activity to their work, the particular challenges they face, and the extent to which such activities are performed in isolation or collaboration. It also assesses the potential for a collaborative EU DPA technology foresight task force. A systematic study of the foresight activity of EU data protection authorities, it's findings include:

  • Technology foresight activities are highly variable amongst EU DPAs. It is often ad-hoc, conducted by interested staff in response to particular cases. Some larger DPAs do have dedicated technology teams and formal foresight activities.
  • Technology foresight supports other privacy-promoting activities and approaches such as privacy-by-design, as well as supporting the regulatory roles of DPAs.
  • Emerging technologies (such as drones, the internet of things and big data) demonstrate the specific challenges of DPA foresight, including: the need for domain expertise, understanding the capabilities of technologies, and understanding when new technologies are a disruptive shift from previous existing technologies.
  • A dedicated foresight task force of EU DPAs offers substantial benefits, including opening up regular channels of communication, increased professionalisation, shared learning, clear guidance for industry, and pooling of resources for more in-depth investigation and research on new technologies.
 
The article comes from research we've been conducting at Trilateral Research as part of the PHAEDRA II project. PHAEDRA II is dedicated to understanding and supporting cooperation between EU data protection authorities. It is a follow-on project from the successful PHAEDRA project. PHAEDRA II concludes in January 2017. Other Trilateral publications from the PHAEDRA II project include an article on data protection authority perspectives on the impact of data protection reform on cooperation in the EU. This article was based upon interviews conducted by the PHAEDRA II team with senior representatives of EU data protection authorities, during the then-ongoing data protection reform process. I've also contributed to reports on best practices for cooperation and legal challenges in applying the GDPR provisions on cooperation.