Resurrecting A Risk Based Approach To Privacy

A risk-based approach was an innovation promised by policymakers. Risk-based meant the likelihood and magnitude of adverse outcomes on people related to the processing of their data. Yet privacy regulators and courts ​often discount ​risk analysis ​that is not directly tied to individual autonomy, transparency, or the ability to exercise data subject rights.

From Schrems II on this has negatively impacted innovative data uses. Yet it is clear that data protection, while fundamental, is not absolute. Rights such as the rights to fair employment, better health, safety and conduct business need to be part of the equation. The answer is to graphically represent risk analysis to achieve demonstrable accountability.

That is the glass-breaking topic for this session​ where we will show examples of how this can be done.