{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T13:16:21Z","timestamp":1742994981554,"version":"3.40.3"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030551957"},{"type":"electronic","value":"9783030551964"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-55196-4_2","type":"book-chapter","created":{"date-parts":[[2020,10,14]],"date-time":"2020-10-14T23:11:38Z","timestamp":1602717098000},"page":"25-42","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Processing Operations \u2018Likely to Result in a High Risk to the Rights and Freedoms of Natural Persons\u2019"],"prefix":"10.1007","author":[{"given":"Katerina","family":"Demetzou","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,10,15]]},"reference":[{"key":"2_CR1","unstructured":"Van Dijk, N., Gellert, R., Rommetveit, K.: A risk to a right: beyond data protection impact assessments. Comput. Law Secur. Rev. 32(2), 286\u2013306 (2016)"},{"key":"2_CR2","unstructured":"Gellert, R.: Understanding the notion of risk in the General Data Protection Regulation. Comput. Law Secur. Rev. 34(2), 279\u2013288 (2018)"},{"key":"2_CR3","unstructured":"Data Protection Commission, Guidance Note: Guide to Data Protection Impact Assessments (DPIAs), October 2019.  \nhttps:\/\/www.dataprotection.ie\/en\/guidance-landing\/guide-data-protection-impact-assessments\n\n. Accessed 12 Mar 2020"},{"key":"2_CR4","unstructured":"Norwegian Data Protection Authority (Datatilsynet). \nhttps:\/\/www.datatilsynet.no\/rettigheter-og-plikter\/virksomhetenes-plikter\/vurdere-personvernkonsekvenser\/vurdering-av-personvernkonsekvenser\/nar-ma-man-gjennomfore-en-vurdering-av-personvernkonsekvenser\/\n\n. Accessed 12 Mar 2020"},{"key":"2_CR5","unstructured":"Norwegian Data Protection Authority (Datatilsynet). \nhttps:\/\/www.datatilsynet.no\/rettigheter-og-plikter\/virksomhetenes-plikter\/vurdere-personvernkonsekvenser\/vurdering-av-personvernkonsekvenser\/risikovurdering\/\n\n. Accessed 12 Mar 2020"},{"key":"2_CR6","unstructured":"Norwegian Data Protection Authority (Datatilsynet). \nhttps:\/\/www.datatilsynet.no\/rettigheter-og-plikter\/virksomhetenes-plikter\/vurdere-personvernkonsekvenser\/vurdering-av-personvernkonsekvenser\/nar-er-risiko-hoy\/\n\n. Accessed 12 Mar 2020"},{"key":"2_CR7","unstructured":"French Data Protection Authority, CNIL. \nhttps:\/\/www.cnil.fr\/fr\/listes-des-traitements-pour-lesquels-une-aipd-est-requise-ou-non\n\n. Accessed 12 Mar 2020"},{"key":"2_CR8","unstructured":"Information Commissioner\u2019s Office: Examples of Processing \u201clikely to result in high risk. \nhttps:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/data-protection-impact-assessments-dpias\/examples-of-processing-likely-to-result-in-high-risk\/\n\n. Accessed 12 Mar 2020"},{"key":"2_CR9","unstructured":"Information Commissioner\u2019s Office: When do we need to do a DPIA? \nhttps:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/data-protection-impact-assessments-dpias\/when-do-we-need-to-do-a-dpia\/\n\n. Accessed 12 Mar 2020"},{"key":"2_CR10","unstructured":"Hungarian Data Protection Authority (Nemzeti Adatv\u00e9delmi \u00e9s Inform\u00e1ci\u00f3szabads\u00e1g Hat\u00f3s\u00e1g). \nhttps:\/\/www.naih.hu\/list-of-processing-operations-subject-to-dpia-35-4--gdpr.html\n\n. Accessed 12 Mar 2020"},{"key":"2_CR11","unstructured":"Office of the Commissioner for Personal Data Protection: Indicative list of processing operations subject to DPIA requirements under Article 35(4) of the GDPR. \nhttp:\/\/www.dataprotection.gov.cy\/dataprotection\/dataprotection.nsf\/page2c_en\/page2c_en?opendocument\n\n. Accessed 12 Mar 2020"},{"key":"2_CR12","unstructured":"Polish Data Protection Authority (Urz\u0105d Ochrony Danych Osobowych): List of types of processing operations requiring DPIA. \nhttps:\/\/uodo.gov.pl\/en\/558\/939\n\n. Accessed 12 Mar 2020"},{"key":"2_CR13","unstructured":"Italian Data Protection Authority (Garante per la protezione dei dati personali): List of types of treatments subject to the consistency mechanism to be subjected to impact assessment. \nhttps:\/\/www.garanteprivacy.it\/web\/guest\/home\/docweb\/-\/docweb-display\/docweb\/9059358\n\n. Accessed 12 Mar 2020"},{"key":"2_CR14","unstructured":"Spanish Data Protection Authority (Agencia Espa\u00f1ola de Protecci\u00f3n de Datos). \nhttps:\/\/www.aepd.es\/sites\/default\/files\/2019-09\/listas-dpia-en-35-4.pdf\n\n. Accessed 12 Mar 2020"},{"key":"2_CR15","unstructured":"Data Protection Commission: List of Types of Data Processing Operations which require a Data Protection Impact Assessment. \nhttps:\/\/www.dataprotection.ie\/en\/guidance-landing\/data-processing-operations-require-data-protection-impact-assessment\n\n. Accessed 12 Mar 2020"},{"key":"2_CR16","unstructured":"Belgian Data Protection Authority (Autorit\u00e9 de protection des donn\u00e9es). Recommandation d\u2019initiative de la Commission de protection de la vie priv\u00e9e (CPVP) 01\/2018 du 28 f\u00e9vrier 2018 concernant l\u2019analyse d\u2019impact \u00e0 la protection des donn\u00e9es et la consulta-tion pr\u00e9alable. \nhttps:\/\/www.autoriteprotectiondonnees.be\/publications\/recommandation-n-01-2018.pdf\n\n. Accessed 12 Mar 2020"},{"key":"2_CR17","unstructured":"Hellenic Data Protection Authority: List of the kind of processing operations which are subject to the requirement for a data protection impact assessment according to article 35 par. 4 of GDPR. \nhttps:\/\/www.dpa.gr\/portal\/page?_pageid=33,239286&_dad=portal&_schema=PORTAL\n\n. Accessed 12 Mar 2020"},{"key":"2_CR18","unstructured":"Commission Nationale pour la protection des donn\u00e9es Grand-Duch\u00e9 de Luxembourg. \nhttps:\/\/cnpd.public.lu\/fr\/professionnels\/obligations\/AIPD.html\n\n. Accessed 12 Mar 2020"},{"key":"2_CR19","unstructured":"Dutch Data Protection Authority (Autoriteit Persoonsgegevens). \nhttps:\/\/autoriteitpersoonsgegevens.nl\/nl\/zelf-doen\/data-protection-impact-assessment-dpia\n\n, Accessed 12 Mar 2020"},{"key":"2_CR20","unstructured":"Article 29 Data Protection Working Party: Guidelines on Data Protection Impact Assessment (DPIA) and Determining Whether Processing Is \u201cLikely to Result in a High Risk\u201d for the Purposes of Regulation 2016\/679, WP 248 rev 0.1, 4 April 2017"},{"key":"2_CR21","unstructured":"Article 29 Data Protection Working Party: Opinion 03\/2013 on purpose limitation, WP 203, Adopted on 2 April 2013"},{"key":"2_CR22","unstructured":"Article 29 Data Protection Working Party: Guidelines on Data Protection Officer, 16\/EN WP243"},{"key":"2_CR23","unstructured":"Article 29 Data Protection Working Party: Opinion 02\/2013 on apps on smart devices, 13\/EN WP202"},{"key":"2_CR24","unstructured":"Article 29 Data Protection Working Party: Opinion 04\/2012 on Cookie Consent Exemption, 12\/EN WP194"},{"key":"2_CR25","unstructured":"Article 29 Data Protection Working Party: Opinion 5\/2010 on the Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications, 10\/EN WP 175"},{"key":"2_CR26","unstructured":"Article 29 Data Protection Working Party: Opinion 06\/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95\/46\/EC, 14\/EN WP217"},{"key":"2_CR27","unstructured":"EDPS: Guidelines on the concepts of controller, processor and joint controllership under Regulation (EU) 2018\/1725, 7 November 2019"},{"key":"2_CR28","unstructured":"EDPB Opinion 7\/2018 on the draft list of the competent supervisory authority of Greece regarding the processing operations subject to the requirement of a data protection impact assessment (Art. 35.4 GDPR), adopted on 25 September 2018"}],"container-title":["Lecture Notes in Computer Science","Privacy Technologies and Policy"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-55196-4_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,10,14]],"date-time":"2020-10-14T23:23:45Z","timestamp":1602717825000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-55196-4_2"}},"subtitle":["Lessons to Be Learned from National Authorities\u2019 DPIA \u2018Blacklists\u2019"],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030551957","9783030551964"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-55196-4_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"15 October 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"APF","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual Privacy Forum","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lisbon","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Portugal","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 June 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 June 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"apf2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/privacyforum.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"59","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"https:\/\/privacyforum.eu\/","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}