I’m pleased to announce the publication of our Intelligent Campus Data Protection Impact Assessment Toolkit.
Intelligent Campuses use existing data and new sensors to deliver better places to study, work, live and socialise. But there’s a risk with any use of data or sensors that even the best-intentioned ideas will be misused or misunderstood: as inappropriate, intrusive or even surveillance. Data Protection law suggests – may even require – conducting a Data Protection Impact Assessment (DPIA) as a way to understand risks to individuals, to explore less intrusive ways of achieving the objective (or conclude that it cannot be achieved with acceptable risk), and to implement appropriate safeguards. There are plenty of guides to how to conduct a DPIA, but it may be hard to work out how to apply these to a specific domain, especially when that is as novel as the intelligent campus.
Our toolkit aims to fill that gap, by providing domain-specific help on how to assess intrusiveness, the risks to consider, and the controls and mitigations that might help to reduce those to, and keep them at, an acceptable level. It was inspired by a DPIA template for RFID applications that was approved by European Regulators back in 2011, and informed by lots of presentations and conversations with many people. Thanks for all your inputs!
If you’d like to know more about the background, there’s a peer-reviewed paper – “See no… Hear no… Track no… Ethics and the Intelligent Campus”. But the toolkit should contain all you need to use it. I’d very much like to add a collection of experiences, case studies and similar supporting material, so please let me know how you are using it.