Introduction

Abstract

Considering that the deployment of new information technologies can lead to substantial privacy risks for individuals, there is a growing recognition that a privacy impact assessment (PIA) should be conducted before the design of a product collecting or processing personal data. De facto PIAs have become more and more popular during the last decade. Several countries such as Australia, New Zealand, Canada, the U.S. and the United Kingdom [164] have played a leading role in this movement. Europe has also promoted PIAs in areas such as RFIDs [9, 107] and smart grids [11, 12] and is putting strong emphasis on privacy and data protection risk analysis in its new General Data Protection Regulation (GDPR)¹ [48]. However, if existing PIA frameworks and guidelines provide a good deal of details on organizational aspects (including budget allocation, resource allocation, stakeholder consultation, etc.), they are much vaguer on the technical part (what we call “Privacy Risk Analysis” or “PRA” in this book), in particular on the actual risk assessment task. Some tools have also been proposed to help in the management of organizational aspects [3, 118, 144] but no support currently exists to perform the technical analysis. For PIAs to keep up their promises and really play a decisive role to enhance privacy protection, they should be more precise with regard to these technical aspects. This is a key requirement to ensure that their results are trustworthy and can be subject to independent checks. However, this is also a challenge because privacy is a multifaceted notion involving a wide variety of factors that may be difficult to assess.