Search

Search articles for

Advanced filters

Published After

Year20192020202120222023202420252026MonthJanFebMarAprMayJunJulAugSepOctNovDecDay12345678910111213141516171819202122232425262728293031

Published Before

Year20192020202120222023202420252026MonthJanFebMarAprMayJunJulAugSepOctNovDecDay12345678910111213141516171819202122232425262728293031

By Author

Search

Search Results

• The Many Shades of Impact Assessments An analysis of data protection by design in the case law of national supervisory authorities

  Pierre Dewitte

  209-253

  18-09-2024

  Data protection by design is one of the cornerstones of the reform that led to the adoption of the GDPR. Yet, the very nature of that obligation, coupled with the broad wording used by the EU legislator, makes substantiating data protection by design particularly complex. This paper is the second part a two-paper series that explores the intricacies of Article 25(1) GDPR. While the first entry delved into the history and role of data protection by design, this paper aims to clarify the material scope of that provision. It does so by analysing the three core components of Article 25(1) GDPR in light of the findings of a case law review spanning 177 administrative and judicial decisions issued by 26 supervisory authorities in 24 countries between the entry into force of the GDPR and 31 December 2023. That process exposed the role of data protection by design as a proxy to Fundamental Rights Impact Assessments and shed light on its added value in guaranteeing the flexibility and future-proofness of the Regulation.