Data Protection Impact Assessments as Rule of Law Governance Mechanisms
Rule of law principles are essential for a fair and just society, and apply to government activities regardless of whether those activities are undertaken by a human or automated data processing. This paper explores how Data Protection Impact Assessments (DPIAs) could provide a mechanism for improved rule of law governance of data processing systems developed and used for public purposes. Applying rule of law principles to two case studies provides a sketch of the issues and concerns that this paper’s proposals for DPIAs seek to address. Drawing on comparative analysis of other governance schemes to identify specific recommendations for DPIAs, the paper offers some guidance on how DPIAs could be used to strengthen the governance of data processing by government in rule of law terms.