Skip to main content Accessibility help
  • Print publication year: 2019
  • Online publication date: June 2019

Chapter 8 - Conclusion




682. OUTLINE – The objective of this Chapter is to synthesize how the controller and processor and processor concepts developed over time. While tracing the origin and development of both concepts, special consideration will be given to how the concepts have been used to determine the allocation of responsibility and liability. Three questions in particular shall serve as a guide:

  • (a) Does the instrument formally define who is responsible for compliance?
  • (b) How does the instrument deal with situations of outsourcing? Is there a formal recognition of agents “acting on behalf of” the entity responsible for compliance?
  • (c) How are responsibility and liability allocated? Is every actor subject to its own independent obligations? Or is a contractual approach adopted?


    683. ETYMOLOGY – According to Sjöblom, the term “control” was brought into the English language in the late middle ages from the French “contre-rôle”, which meant “duplicate register”. The original meaning of “control” was thus “to take and keep a copy of a roll of accounts and to look for errors theirein” or “to check or verify, and hence to regulate”. By the 17th century, “control” also referred to the nature of the relationship between the verifier and the verified, signifying “mastery” over something or someone.

    684. CONTROL IN THE CONTEXT OF COMPUTING – During the 1940s, computers were seen (and often designated) as “control systems”. For example, computers were deployed for purposes of “gunfire control” or “inventory control”. During the late 1950s, the term “control” became increasingly associated with “management control” in the context of organisational theory. In this context, the concept of “control” has been associated with the generic management process. The generic management process comprises different elements, such as

  • “(1) setting objectives;
  • (2) deciding on preferred strategies for achieving those objectives, and then
  • (3) implementing those strategies while
  • (4) making sure that nothing, or as little as possible, goes wrong”.
  • Both meanings of “control” also found their application in the context of computing and, eventually, in the context of data protection law. As Sjöblom observes:

    “[C]ontrol suggests agency – that someone is using computer-based systems to control something and achieve a certain objective […] With its undertone of domination, control helps highlight issues of power relations inherent in computer use […].”

    Related content

    Powered by UNSILO