Data Protection Law in the EU: Roles, Responsibilities and Liability

Brendan Van Alsenoy

doi:10.1017/9781780688459

Search within full text

EU data protection law imposes a series of requirements designed to protect individuals against the risks that result from the processing of their data. It also distinguishes among different types of actors involved in the processing, setting out different obligations for each actor. The most important distinction in this regard is the distinction between "controllers" and "processors". Together, these concepts provide the very basis upon which responsibility for compliance with EU data protection law is allocated. As a result, both concepts play a decisive role in determining the potential liability of an organisation under EU data protection law, including the General Data Protection Regulation (GDPR). Technological and societal developments have made it increasingly difficult to apply the controller-processor model in practice. The main factors are the growing complexity of processing operations, the diversification of processing, services and the sheer number of actors that can be involved. Against this background, this book seeks to determine whether EU data protection law should continue to maintain the controller-processor model as the main basis for allocating responsibility and liability. This book provides its readers with the analytical framework to help them navigate the intricate relationship of roles, responsibility and liability under EU data protection law. The book begins with an in-depth analysis of the nature and role of the controller and processor concepts. The key elements of each are examined in detail, as is the associated allocation of responsibility and liability. The next part contains a historical-comparative analysis, which traces the origin and development of the controller-processor model over time. To identify the main problems that occur when applying the controller-processor model in practice, a number of real-life use cases are examined (cloud computing, social media, identity management and search engines). In the final part, a critical evaluation is made of the choices made by the European legislature in the context of the GDPR. It is clear that the GDPR has introduced considerable improvements in comparison to EU Directive 95/46. In the long run, however, further changes may well be necessary. By way of conclusion, a number of avenues for possible improvements are presented. Dr Brendan Van Alsenoy is a Legal Advisor at the Belgian Data Protection Authority and a senior affiliated researcher at the KU Leuven Centre for IT & IP Law, and co-editor of Privacy & Persoonsgegevens. He has previously worked as a legal researcher at the KU Leuven Centre for IT & IP Law, with a focus on data protection and privacy, intermediary liability and trust services. In 2012, he worked at the Organisation for Economic Co-operation and Development (OECD) to assist in the revision of the 1980 OECD Privacy Guidelines.

- Aa Reduce text
- Aa Enlarge text

View selected items
Save to my bookmarks
Export citations
Download PDF (zip)
Save to Kindle
Save to Dropbox
Save to Google Drive
Save content to
To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to .

To save content items to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Please be advised that item(s) you selected are not available.
You are about to save
Your Kindle email address

Please provide your Kindle email.

@free.kindle.com @kindle.com (service fees apply)

By using this service, you agree that you will only keep content for personal use, and will not openly distribute them via Dropbox, Google Drive or other file sharing services

Page 1 of 2

First
« Prev
1
2
Next »
Last

Contents

Frontmatter
pp i-iv
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Foreword
pp v-vi
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Note to the Readers
pp vii-viii
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Acknowledgments
pp ix-x
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Abstract
pp xi-xii
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Contents
pp xiii-xxvi
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

PART I - INTRODUCTION
pp 1-2
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 1 - Background
pp 3-6
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 2 - Problem Statement
pp 7-12
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 3 - Research Questions
pp 13-16
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 4 - Structure and Methodology
pp 17-20
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

PART II - STATE OF THE ART
pp 21-22
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 1 - Introduction
pp 23-24
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 2 - Scope of EU Data Protection Law
pp 25-32
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 3 - Basic Protections
pp 33-46
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 4 - Allocation of Responsibility
pp 47-82
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 5 - Liability Exposure of Controllers and Processors
pp 83-116
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 6 - Specific Issues
pp 117-140
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 7 - Additional Functions of the Controller and Processor Concepts
pp 141-144
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 8 - Conclusion
pp 145-148
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

PART III - HISTORICAL-COMPARATIVE ANALYSIS
pp 149-150
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 1 - Introduction
pp 151-154
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 2 - The Emergence of Data Protection Law
pp 155-162
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 3 - National Data Protection Laws before 1980
pp 163-206
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 4 - International Instruments
pp 207-230
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 5 - National Data Protection Laws after 1981
pp 231-260
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 6 - irective 95/46/EC
pp 261-278
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 7 - General Data Protection Regulation
pp 279-324
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Chapter 8 - Conclusion
pp 325-340
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

PART IV - USE CASES
pp 341-342
- - Get access
    
    Check if you have access via personal or institutional login
    
    Log in Register
- Export citation

Page 1 of 2

First
« Prev
1
2
Next »
Last

Metrics

Total number of HTML views: 0

Total number of PDF views: 0 *

Loading metrics...

Total views: 0 *

Loading metrics...

* Views captured on Cambridge Core between #date#. This data will be updated every 24 hours.

Usage data cannot currently be displayed.

Data Protection Law in the EU: Roles, Responsibilities and Liability

This Book has been cited by the following publications. This list is generated based on data provided by Crossref.

Book description

Refine List

Actions for selected content:

Contents

Frontmatter
pp i-iv

Foreword
pp v-vi

Note to the Readers
pp vii-viii

Acknowledgments
pp ix-x

Abstract
pp xi-xii

Contents
pp xiii-xxvi

PART I - INTRODUCTION
pp 1-2

Chapter 1 - Background
pp 3-6

Chapter 2 - Problem Statement
pp 7-12

Chapter 3 - Research Questions
pp 13-16

Chapter 4 - Structure and Methodology
pp 17-20

PART II - STATE OF THE ART
pp 21-22

Chapter 1 - Introduction
pp 23-24

Chapter 2 - Scope of EU Data Protection Law
pp 25-32

Chapter 3 - Basic Protections
pp 33-46

Chapter 4 - Allocation of Responsibility
pp 47-82

Chapter 5 - Liability Exposure of Controllers and Processors
pp 83-116

Chapter 6 - Specific Issues
pp 117-140

Chapter 7 - Additional Functions of the Controller and Processor Concepts
pp 141-144

Chapter 8 - Conclusion
pp 145-148

PART III - HISTORICAL-COMPARATIVE ANALYSIS
pp 149-150

Chapter 1 - Introduction
pp 151-154

Chapter 2 - The Emergence of Data Protection Law
pp 155-162

Chapter 3 - National Data Protection Laws before 1980
pp 163-206

Chapter 4 - International Instruments
pp 207-230

Chapter 5 - National Data Protection Laws after 1981
pp 231-260

Chapter 6 - irective 95/46/EC
pp 261-278

Chapter 7 - General Data Protection Regulation
pp 279-324

Chapter 8 - Conclusion
pp 325-340

PART IV - USE CASES
pp 341-342

Metrics

Full text views

Book summary page views

Data Protection Law in the EU: Roles, Responsibilities and Liability

Book description

Refine List

Actions for selected content:

Save Search

Contents

Metrics

Full text views

Book summary page views