Book contents
- Frontmatter
- Foreword
- Note to the Readers
- Acknowledgments
- Abstract
- Contents
- PART I INTRODUCTION
- PART II STATE OF THE ART
- Chapter 1 Introduction
- Chapter 2 Scope of EU Data Protection Law
- Chapter 3 Basic Protections
- Chapter 4 Allocation of Responsibility
- Chapter 5 Liability Exposure of Controllers and Processors
- Chapter 6 Specific Issues
- Chapter 7 Additional Functions of the Controller and Processor Concepts
- Chapter 8 Conclusion
- PART III HISTORICAL-COMPARATIVE ANALYSIS
- PART IV USE CASES
- PART V RECOMMENDATIONS
- Bibliography
- Miscellaneous Endmatter
Chapter 7 - Additional Functions of the Controller and Processor Concepts
from PART II - STATE OF THE ART
Published online by Cambridge University Press: 26 June 2019
- Frontmatter
- Foreword
- Note to the Readers
- Acknowledgments
- Abstract
- Contents
- PART I INTRODUCTION
- PART II STATE OF THE ART
- Chapter 1 Introduction
- Chapter 2 Scope of EU Data Protection Law
- Chapter 3 Basic Protections
- Chapter 4 Allocation of Responsibility
- Chapter 5 Liability Exposure of Controllers and Processors
- Chapter 6 Specific Issues
- Chapter 7 Additional Functions of the Controller and Processor Concepts
- Chapter 8 Conclusion
- PART III HISTORICAL-COMPARATIVE ANALYSIS
- PART IV USE CASES
- PART V RECOMMENDATIONS
- Bibliography
- Miscellaneous Endmatter
Summary
261. OUTLINE – The qualification of an actor as either a controller or processor has implications beyond the allocation of responsibility and liability. To begin with, the qualification is important to determine whether EU data protection law applies to the processing, and if so, to what extent. In addition, determining the appropriate qualification of the actors involved may also be necessary to comply with a number of substantive provisions, in particular provisions regarding (a) transparency of processing; (b) data subject rights; (c) balance of interests and (d) legal binding between controllers and processors. The aim of this section is to briefly elaborate upon the additional functions which the controller and processor concepts fulfil within the regulatory scheme of EU data protection law.
TERRITORIAL SCOPE
262. ESTABLISHMENT OF CONTROLLER OR PROCESSOR – Article 3 sets forth when processing of personal data falls within the territorial scope of the GDPR. One of the main factors in each of these instances is the territory in which the controller or processor is established. For example, Article 3(1) stipulates that the GDPR shall apply to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union. Determining the territorial scope of the GDPR pursuant to Article 3(1) therefore implies prior identification of the entity which is acting as a “controller” or “processor” of the processing, as well as the location of its “establishment(s)”.
263. SEPARATE APPLICATION – The EDPB has taken the view that when it comes to the identification of the different obligations triggered by the applicability of the GDPR, the processing by each entity (controller or processor) must be considered separately. The GDPR envisages different and dedicated provisions or obligations applying to data controllers and processors respectively, and as such, should a data controller or processor be subject to the GDPR, the related obligations would apply to them respectively and separately. As a result, the EDPB also considers it important to consider the establishment of the controller and processor separately for purposes of Article 3.
264. TARGETING OR MONITORING – Similar considerations also apply in the context of Article 3(2) GDPR. Article 3(2) determines the territorial scope of the GDPR in case of processing of personal data by a controller or processor not established in the Union.
- Type
- Chapter
- Information
- Publisher: IntersentiaPrint publication year: 2019