The risk-based approach under the new EU data protection regulation: a critical perspective

  • Maria Eduarda Barroso Gonçalves
  • Published 1 February 2020
  • Computer Science
  • Journal of Risk Research, pp. 139-152
Abstract: The first broad reform of personal data protection legislation in the European Union entered into force in May 2018 (Regulation (EU) 2016/679, the General Data Protection Regulation). Remarkably, with this reform a risk-based approach has been introduced as the core data protection enforcement model, while data protection authorities see their regulatory role significantly weakened. The risk-based approach is to be implemented by the data controllers (i.e. the operators) via data…
4 Citations
Risk of regulatory failure of “risk-based regulation” while using enterprise risk management as a meta-regulatory toolkit
Purpose: Debate is growing around the expansion of risk-based regulation. The regulation scholarship provides evidence of regulatory failure of the risk-based approach in different domains, including
Specifying algorithmic accountability
Specifying algorithmic accountability aims to classify the protective actions against the impacts of Artificial Intelligence. The description of the problems caused by the
Risk regulation of AI: normative challenges and political decisions. Statement on the European Commission's White Paper "On Artificial Intelligence: A European approach to excellence and trust"
We are grateful for the opportunity to comment on the White Paper "On Artificial Intelligence: A European approach to excellence and trust" (COM(2020) 65 final, of 19.2.2020).
A comparative analysis of personal data protection regulations between the EU and China
Text coding was employed to compare the current personal data protection regulation landscape in the EU and in China to discover the differences between the General Data Protection Regulation and the personal data protection regulations of the fastest-growing economy in e-commerce.


The Foundations of EU Data Protection Law
Nearly two decades after the EU first enacted data protection rules, key questions about the nature and scope of this EU policy, and the harms it seeks to prevent, remain unanswered. The inclusion of
Risk-based regulation
  • J. Black
  • Business, Economics
    OECD Regulatory Policy Outlook 2021
  • 2021
This chapter identifies key aspects of the risk-based frameworks of eleven regulators in four countries across four sectors: environment, food safety, financial markets and health and safety.
A European Perspective on Data Processing Consent through the Reconceptualization of European Data Protection's Looking Glass after the Lisbon Treaty: Taking Rights Seriously
Abstract: EU data protection law is undergoing a process of reform to meet the challenges of the modern economy and rapid technological developments. This study re-conceptualizes data protection in
Abstract: The European Union (EU) has adopted the precautionary principle (PP) as a legal principle for dealing with uncertain risks; that is, situations in which the relationship between activities
Risk and regulatory policy: improving the governance of risk
Because the reduction of risks is a pervasive part of government activity, the management of risks is a primary function embedded in the operations of capable governments. In practical terms,
The Precautionary Principle: Its Use Within Hard and Soft Law
The precautionary principle in public decision making concerns situations where following an assessment of the available scientific information, there are reasonable grounds for concern for the
Really Responsive Risk-Based Regulation
Regulators in a number of countries are increasingly developing "risk-based" strategies to manage their resources, and their reputations as "risk-based regulators" have become much lauded by
Technologies of Compliance: Risk and Regulation in a Digital Age
Legal scholarship has been silent about a phenomenon with profound implications for governance: the automation of compliance with laws mandating risk management. Regulations - from bank
National Programmes for Mass Surveillance of Personal Data in EU Member States and their Compatibility with EU Law
In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this study makes an assessment of the large-scale surveillance practices by a selection of EU member states: the
Privacy management practices in the proposed EU regulation
Article 32a DPR requires the controller to carry out a risk analysis of the potential impact of the intended data processing on the rights and freedoms of the data subjects with the objective of