Book contents
- Frontmatter
- Foreword
- Note to the Readers
- Acknowledgments
- Abstract
- Contents
- PART I INTRODUCTION
- PART II STATE OF THE ART
- Chapter 1 Introduction
- Chapter 2 Scope of EU Data Protection Law
- Chapter 3 Basic Protections
- Chapter 4 Allocation of Responsibility
- Chapter 5 Liability Exposure of Controllers and Processors
- Chapter 6 Specific Issues
- Chapter 7 Additional Functions of the Controller and Processor Concepts
- Chapter 8 Conclusion
- PART III HISTORICAL-COMPARATIVE ANALYSIS
- PART IV USE CASES
- PART V RECOMMENDATIONS
- Bibliography
- Miscellaneous Endmatter
Chapter 4 - Allocation of Responsibility
from PART II - STATE OF THE ART
Published online by Cambridge University Press: 26 June 2019
- Frontmatter
- Foreword
- Note to the Readers
- Acknowledgments
- Abstract
- Contents
- PART I INTRODUCTION
- PART II STATE OF THE ART
- Chapter 1 Introduction
- Chapter 2 Scope of EU Data Protection Law
- Chapter 3 Basic Protections
- Chapter 4 Allocation of Responsibility
- Chapter 5 Liability Exposure of Controllers and Processors
- Chapter 6 Specific Issues
- Chapter 7 Additional Functions of the Controller and Processor Concepts
- Chapter 8 Conclusion
- PART III HISTORICAL-COMPARATIVE ANALYSIS
- PART IV USE CASES
- PART V RECOMMENDATIONS
- Bibliography
- Miscellaneous Endmatter
Summary
69. OUTLINE – EU data protection law assigns primary responsibility for compliance with its provisions to the controller(s) of the processing. It also assigns responsibility to the processor(s), as a means to address the situation where a controller enlists another actor to process personal data on its behalf. Given the central importance of these concepts to the research question of this book, it is necessary to analyse the meaning of these concepts in some detail. The following subsections will analyse
the key elements of the controller and processor concepts;
the legal relationship between controllers and processors; and
the legal relationship between joint controllers.
KEY ELEMENTS OF THE “CONTROLLER” AND “PROCESSOR” CONCEPTS
70. PRELIMINARY REMARKS – With the adoption of Directive 95/46, the key principles for allocating responsibility and liability among controllers and processors were established. How these principles were to be applied in practice would be determined by a steadily growing body of materials (opinions, recommendations, enforcement actions) developed by national data protection authorities. For quite some time, only limited EU-wide guidance existed on how to apply the concepts of “controller” and “processor” practice. While the Article 29 Working Party was called upon to interpret these concepts in relation to specific cases, the resulting guidance was generally closely tied to the specific issue at hand.
71. OPINION 1/2010 – In 2010, the Article 29 Working Party published an Opinion on the concepts of “controller” and “processor”. The main motivation for the Opinion was a desire to promote a consistent and harmonized approach in the interpretation of these concepts among the Member States. Opinion 1/2010 of the Article 29 Working Party represents the most comprehensive attempt to clarify the meaning of the “controller” and “processor” concepts to date. Given the authority enjoyed by WP29 opinions, as well as their strategic importance, Opinion 1/2010 will serve as the main source of reference when analysing the key elements of the controller and processor concepts over the following sections.
72. CJEU CASE LAW – Since the adoption Opinion 1/2010, the CJEU has been called upon to clarify to interpret the concepts of controller, joint controller and processor in a number of cases. The most important of those cases are Google Spain, Wirtschaft sakademie (or “Fan pages”), Jehovah's witnesses and Fashion ID. Where relevant, reference shall also be made to those judgments of the CJEU and the accompanying AG Opinions.
- Type
- Chapter
- Information
- Publisher: IntersentiaPrint publication year: 2019