Chapter 20: Data protection, control and participation beyond consent - Seeking the views of data subjects in data protection impact assessments
Restricted access

This Chapter analyses Article 35(9) GDPR, which requires controllers conducting Data Protection Impact Assessments (DPIAs) to seek the views of data subjects or their representatives on the intended processing 'where appropriate'. It discusses the benefits of data subjects' involvement in DPIAs, and how such involvement can be realised in practice. Legal perspectives are complemented by insights from Media & Communication Studies to consider arguments and models that could find ground in data protection regulation. The analysis shows that involving data subjects in DPIAs can have benefits for some kinds of empowerment. It can enable checks and balances vis-à-vis controllers' decisions and increase democratic legitimacy, improve the quality of DPIAs, and complement classic data protection control tools, such as consent and data subjects' rights. To realise this potential significant practical challenges need to be overcome. These include the limited expertise of assessors in participation methods, the limited literacy of non-expert citizens and/or their representatives in data protection issues, and the difficulty of creating inclusive participation processes that ensure good representativeness.

You are not authenticated to view the full text of this chapter or article.

Access options

Get access to the full article by using one of the access options below.

Other access options

Redeem Token

Institutional Login

Log in with Open Athens, Shibboleth, or your institutional credentials

Login via Institutional Access

Personal login

Log in with your Elgar Online account

Login with you Elgar account