The risk-based approach in practice
The goal of this chapter is to analyse some of the main caveats associated with the risk-based approach in practice, that is, with the use of meta regulation. The risk-based approach is an attempt to address some of the issues that data protection as command and control regulation has faced. However, in trying to address these issues, and in particular (but not only) through the use of risk management as the main tool of regulation, the risk-based approach creates a number of new problems. More in particular, one can distinguish between three different issues. Methodological issues concerning techniques for assessing and managing risks; regulatory issues in particular as far as the collaboration between regulators and regulatees is concerned; and implementational issues, that is, concerning the way in which risk management is actually implemented in practice, “on the ground”.