Book contents
- Frontmatter
- Foreword
- Note to the Readers
- Acknowledgments
- Abstract
- Contents
- PART I INTRODUCTION
- Chapter 1 Background
- Chapter 2 Problem Statement
- Chapter 3 Research Questions
- Chapter 4 Structure and Methodology
- PART II STATE OF THE ART
- PART III HISTORICAL-COMPARATIVE ANALYSIS
- PART IV USE CASES
- PART V RECOMMENDATIONS
- Bibliography
- Miscellaneous Endmatter
Chapter 2 - Problem Statement
from PART I - INTRODUCTION
Published online by Cambridge University Press: 26 June 2019
- Frontmatter
- Foreword
- Note to the Readers
- Acknowledgments
- Abstract
- Contents
- PART I INTRODUCTION
- Chapter 1 Background
- Chapter 2 Problem Statement
- Chapter 3 Research Questions
- Chapter 4 Structure and Methodology
- PART II STATE OF THE ART
- PART III HISTORICAL-COMPARATIVE ANALYSIS
- PART IV USE CASES
- PART V RECOMMENDATIONS
- Bibliography
- Miscellaneous Endmatter
Summary
7. OUTLINE – Given the fundamental importance of both the controller and processor concepts, it is essential to be able to determine which role an actor has assumed towards a particular processing operation. Unfortunately, it can be quite difficult to apply the distinction between controller and processors in practice. Over time, data protection authorities and courts have provided guidance to inform the practical application of the controller and processor concepts. Notwithstanding the guidance, however, certain scholars have continued to question the utility of the controller-processor model. The following sections outline three perceived vulnerabilities of the current framework.
A BROKEN “BINARY”
8. OVERSIMPLIFICATION? – Perhaps the most common critique of the controller-processor model is that the “binary” distinction between controllers and processors is too simplistic. While the model may be readily applied in certain situations, the complexity of today's processing operations is such that a clear-cut distinction between controllers and processors is seldom possible. As a result, the binary distinction is considered inadequate to accommodate the increasingly collaborative manner in which businesses operate. Nowadays, control relationships are more complex than the “either/or” approach of the controller-processor model; whereby one party (or group of parties) exercises complete control over the processing, and another party (or group of parties) simply executes the tasks it has been given, without exercising any substantial influence as to either the purposes or means of the processing.
9. EVOLVING PROCESSING PRACTICES – At the time Directive 95/46 was adopted, the distinction between parties who control the processing of personal data (data controllers) and those who simply process the data on behalf of someone else (data processors) was considered to be relatively clear. Today we are confronted with a “growing tendency towards organisational differentiation”. In both the public and private sector
“there is a growing emphasis on the development of delivery chains or service delivery across organisations and on the use of subcontracting or outsourcing of services in order to benefit from specialisation and possible economies of scale. As a result, there is a growth in various services, offered by service providers, who do not always consider themselves responsible or accountable […].”
- Type
- Chapter
- Information
- Publisher: IntersentiaPrint publication year: 2019