In some ways, Privacy Impact Assessments (PIAs) are the culmination, in the privacy protection field, of social, political and legal processes of more than 50 years, with their roots in environmental and social impact assessments of the past.  The concept of a PIA emerged and grew in Australia, Canada, Hong Kong, New Zealand and the United States from about the mid-1990s, and, as recently as 2007, in the UK. Although there are differences in the way in which privacy impact assessments are conducted in these countries, a PIA may be defined as a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme and finding ways to mitigate or avoid any adverse effects

The Madrid Resolution adopted by the last International Conference of Privacy and Data Protection Commissioners in November 2009 encourages "The implementation of privacy impact assessments prior to implementing new information systems and/or technologies for the processing of personal data, as well as prior to carrying out any new method of processing personal data or substantial modifications in existing processing."

Although the concept of PIAs is not unknown in Europe, Europe has not progressed so far as the six previously mentioned countries in implementation of a PIA policy. Europe does, however, have the opportunity to consider an in-depth examination of PIA practices in other countries, to draw upon the best elements of those practices and to craft an even more effective PIA policy to address the vexing problems and challenges to the Information Society.

EC logo