Fairness and Data Protection Impact Assessments

Atoosa Kasirzadeh; Damian Clifford

arXiv:2109.06309·cs.CY·September 15, 2021

Fairness and Data Protection Impact Assessments

Atoosa Kasirzadeh, Damian Clifford

PDF

TL;DR

This paper critically examines the effectiveness of GDPR's DPIA requirement, highlighting the limited practical emphasis on fairness principles despite their theoretical importance in data protection assessments.

Contribution

It reveals a disconnect between the theoretical role of fairness in DPIAs and its practical application in guidance documents issued by authorities.

Findings

01

Fairness is theoretically central to DPIAs.

02

Guidance documents rarely mention fairness in practice.

03

There is a gap between theory and practice in DPIA assessments.

Abstract

In this paper, we critically examine the effectiveness of the requirement to conduct a Data Protection Impact Assessment (DPIA) in Article 35 of the General Data Protection Regulation (GDPR) in light of fairness metrics. Through this analysis, we explore the role of the fairness principle as introduced in Article 5(1)(a) and its multifaceted interpretation in the obligation to conduct a DPIA. Our paper argues that although there is a significant theoretical role for the considerations of fairness in the DPIA process, an analysis of the various guidance documents issued by data protection authorities on the obligation to conduct a DPIA reveals that they rarely mention the fairness principle in practice.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.