3.2 Illustration: the BEMS System
4.2 Identifiability and Anonymization
4.3 Categories of Data
4.4 Personal Data Attributes
4.4.1 Attributes Related to the Nature of the Data
4.4.2 Attributes Related to the Format of the Data
4.4.3 Attributes Related to the Context
4.4.4 Attributes Related to Control
4.5 Illustration: the BEMS System
5.1 The Nature of the Stakeholders
5.2 Stakeholder Categories
5.3 Stakeholder Attributes
5.4 Illustration: the BEMS System
6.1 Risk Source Attributes
6.1.1 Nature of the Risk Sources
6.1.2 Motivation
6.1.3 Resources
6.2 Illustration: the BEMS System
7.1 Variations in Terminology
7.2 Feared Event Categories
7.3 Feared Event Attributes
7.4 Illustration: the BEMS System
8.1 The Nature of Privacy Harms
8.1.1 Variations on Privacy Harms
8.1.2 Recognition of Privacy Harms by Law
8.2 Categories of Privacy Harms
8.3 Attributes of Privacy Harms
8.3.1 Victims
8.3.2 Extent
8.3.3 Severity
8.4 Illustration: the BEMS System
9.1 Scope and Objectives of a PIA
9.2 DPIA Template for Smart Grid and Smart Metering
9.3 Privacy Risk Analysis in Existing Frameworks
9.4 Key Steps of a Privacy Risk Analysis
9.5 Illustration: Evaluation of the Risks for the BEMS System
A Summary of Categories and Attributes of the Components of a Privacy Risk Analysis
B Definitions of Personal Data Across Regulations and Standards
C Definitions of Stakeholders Across Regulations and Standards
D Privacy Risk Analysis Components in Existing Frameworks
Preface
Risk analysis and risk management are common approaches in areas as varied as environment protection, public health and computer security. In some sense, one may also argue that the original purpose of data protection laws was to reduce the risks to privacy posed by the development of new technologies [58]. In Europe however, the current Data Protection Directive [47] does not rely heavily on privacy risk analysis or Privacy Impact Assessment (PIA).1 The situation is going to change dramatically with the new General Data Protection Regulation (GDPR) [48], which shall apply from May 25, 2018.
The GDPR represents a fundamental shift from an administrative process based on a priori controls to a risk-based accountability approach in which PIAs2 play a key role. The virtues of the risk-based approach to privacy have been praised by many authors and stakeholders [26]. The main practical benefit expected from the approach is an increased effectiveness in terms of privacy protection: risk assessment makes it possible to focus on the most significant problems and to calibrate measures based on the estimated risks. Organizations also appreciate the fact that legal requirements can be implemented with greater flexibility. Another argument in favor of the risk-based approach is the observation that it is more and more difficult to draw a clear line between anonymous data and personal data, or between sensitive data and non-sensitive data. For this reason, there is