EU data protection law imposes a series of requirements designed to protect individuals against the risks that result from the processing of their data. It also distinguishes among different types of actors involved in the processing, setting out different obligations for each actor. The most important distinction in this regard is the distinction between “controllers” and “processors”. Together, these concepts provide the very basis upon which responsibility for compliance with EU data protection law is allocated. As a result, both concepts play a decisive role in determining the potential liability of an organisation under EU data protection law, including the General Data Protection Regulation (GDPR).
Technological and societal developments have made it increasingly difficult to apply the controller-processor model in practice. The main factors are the growing complexity of processing operations, the diversification of processing, services and the sheer number of actors that can be involved. Against this background, this book seeks to determine whether EU data protection law should continue to maintain the controller-processor model as the main basis for allocating responsibility and liability.
This book provides its readers with the analytical framework to help them navigate the intricate relationship of roles, responsibility and liability under EU data protection law. The book begins with an in-depth analysis of the nature and role of the controller and processor concepts. The key elements of each are examined in detail, as is the associated allocation of responsibility and liability. The next part contains a historical-comparative analysis, which traces the origin and development of the controller-processor model over time. To identify the main problems that occur when applying the controller-processor model in practice, a number of real-life use cases are examined (cloud computing, social media, identity management and search engines). In the final part, a critical evaluation is made of the choices made by the European legislature in the context of the GDPR. It is clear that the GDPR has introduced considerable improvements in comparison to EU Directive 95/46. In the long run, however, further changes may well be necessary. By way of conclusion, a number of avenues for possible improvements are presented.
Dr Brendan Van Alsenoy is a Legal Advisor at the Belgian Data Protection Authority and a senior affiliated researcher at the KU Leuven Centre for IT & IP Law, and co-editor of Privacy & Persoonsgegevens. He has previously worked as a legal researcher at the KU Leuven Centre for IT & IP Law, with a focus on data protection and privacy, intermediary liability and trust services. In 2012, he worked at the Organisation for Economic Co-operation and Development (OECD) to assist in the revision of the 1980 OECD Privacy Guidelines.
There are no separate chapters available for this publication.
The KU Leuven Centre for IT & IP Law Series brings together the results of research activities of the Centre for IT & IP Law.
The central research themes of the series concern the legal and ethical aspects of information technology, innovation and intellectual property.
Each book in the series focuses on the essential developments in the current legal framework, necessitated by the rapid evolution of technology in various fields, such as government, media, health care, informatics, digital economy, banking, transport and culture. The research is characterised by an interdisciplinary approach, constantly cross-fertilising legal, technical, economic, ethical and socio-cultural perspectives.
Books are published in English, Dutch and/or French.
Subscribe now to the series and enjoy a 15% discount on each volume!
De KU Leuven Center for IT & IP Law Series verzamelt de resultaten van de onderzoeksactiviteiten van het Centrum voor IT & IP-recht.
In de reeks komen de juridische en ethische aspecten van informatietechnologie, innovatie en intellectuele eigendom aan bod.
Elk boek in de reeks belicht de belangrijke ontwikkelingen in het bestaande juridische kader die noodzakelijk zijn omwille van de snelle technologische evolutie in verschillende sectoren zoals de overheid, de media, de gezondheidszorg, informatica, de digitale economie, banken, transport en cultuur.
Elk onderwerp wordt interdisciplinair benaderd met een voortdurende kruisbestuiving tussen de juridische, technische, economische, ethische en sociaal-culturele domeinen.
De volumes in de reeks verschijnen in het Engels, Nederlands en / of Frans.
Als u intekent op de reeks, betaalt u permanent 15% minder. U krijgt alle komende edities uit deze reeks automatisch toegestuurd, zodra ze beschikbaar zijn. U mag uw intekening schriftelijk opzeggen na ontvangst van minimaal twee titels uit de reeks.