11 THE ITALIAN LAW JOURNAL NO. 2 (2025)

 

Impact Assessments and the Protection of Fundamental Rights in the Processing of Personal Data

by Paola Pasqualone

The Data Protection Impact Assessment (DPIA) represents a pivotal instrument for safeguarding fundamental rights in the context of personal data processing, particularly in environments shaped by rapid technological innovation. Anchored in the principle of accountability enshrined in the General Data Protection Regulation (GDPR), the DPIA serves not merely as a compliance mechanism, but as a substantive tool for risk assessment and mitigation. This article examines the evolving function of the DPIA in contemporary data governance, with a specific focus on recent decisions issued by the Italian Data Protection Authority concerning the deployment of widely used chatbot technologies. These cases illuminate both the preventive and remedial dimensions of the DPIA, while simultaneously exposing a persistent lack of uniformity in its practical implementation and interpretive contours. The analysis underscores the existing tensions between formal compliance and effective protection of data subjects’ rights, and advocates for a more coherent and harmonised interpretative framework to enhance the DPIA’s role as a cornerstone of data protection by design.

DOI 10.23815/2421-2156.ITALJ           ISSN 2421-2156

 Read the full article