Data Protection Certification: Decorative or Effective Instrument? Audit and Seals as a Way to Enforce Privacy

  • Kirsten Bock
Part of the Law, Governance and Technology Series book series (LGTS, volume 25)

Abstract

This chapter will explore the elements necessary to achieve privacy enforcement through privacy certification. What makes a privacy seal effective and what are the components and effects of successful certification schemes? The chapter will explain how privacy seals can (1) support and ease the work of DPAs by providing relevant and structured information and (2) provide guidance to the private (and public) sector (especially DPOs) on how to demonstrate compliance to DPAs. The focus will be on the structural elements of a privacy seal report which aims at delivering the information relevant for prior authorisation, DPIA, an inspection or the work of a data protection officer, and on how this documentation can be used in practice.

Keywords

Data Protection; Data Subject; Certification Scheme; Certification Body; Protection Goal
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. ULD, Kiel, Germany
