Book contents
- Frontmatter
- Foreword
- Note to the Readers
- Acknowledgments
- Abstract
- Contents
- PART I INTRODUCTION
- PART II STATE OF THE ART
- PART III HISTORICAL-COMPARATIVE ANALYSIS
- PART IV USE CASES
- PART V RECOMMENDATIONS
- Chapter 1 Introduction
- Chapter 2 Typology of Issues
- Chapter 3 Typology of Solutions
- Chapter 4 Recommendations
- Chapter 5 Conclusion
- Bibliography
- Miscellaneous Endmatter
Chapter 4 - Recommendations
from PART V - RECOMMENDATIONS
Published online by Cambridge University Press: 26 June 2019
- Frontmatter
- Foreword
- Note to the Readers
- Acknowledgments
- Abstract
- Contents
- PART I INTRODUCTION
- PART II STATE OF THE ART
- PART III HISTORICAL-COMPARATIVE ANALYSIS
- PART IV USE CASES
- PART V RECOMMENDATIONS
- Chapter 1 Introduction
- Chapter 2 Typology of Issues
- Chapter 3 Typology of Solutions
- Chapter 4 Recommendations
- Chapter 5 Conclusion
- Bibliography
- Miscellaneous Endmatter
Summary
1352. OUTLINE – The aim of this Chapter is to outline possible avenues for further improving the allocation of responsibility and liability among actors involved in the processing of personal data. The following recommendations shall be presented:
abolish the concepts of controller and processor or revise the definitions;
use standards and exemptions to mitigate risks of overinclusion;
require the providers of processing services to implement data protection by design;
enhance contractual flexibility in the relationship between controllers and processors; and
expand the scope of the personal use exemption.
ABOLISH THE CONCEPTS OR REVISE THE DEFINITIONS
1353. Supporting differentiation – As indicated earlier, many issues associated the controller-processor model relate to the concepts of controller and processor, rather than the policy choice of differentiating between parties involved in the processing. For this reason alone, it is worth considering whether it is possible to omit the problematic concepts of controller and processor, while still supporting differentiation as regards the allocation of responsibility and liability. Using the liability provisions of the GDPR as the point of departure, the following paragraphs will outline how the GDPR might be revised to support such differentiation whilst omitting the concepts of controller and processor. Next, a proposal for possible revisions to the controller and processor and concepts will be presented.
ABOLISHING THE CONCEPTS
1354. ARTICLE 82 GDPR – Article 82 of the GDPR provides that
“1. Any person who has suffered material or immaterial damage as a result of an infringement of the Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.
2. Any controller involved in the processing shall be liable for the damage caused by the processing which is not in compliance with this Regulation. A processor shall be liable for the damage caused by the processing only where it has not complied with obligations of this Regulation specifically directed to processors or acted outside or contrary to lawful instructions of the controller.
3. A controller or processor shall be exempted from liability in accordance with paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage.”
- Type
- Chapter
- Information
- Publisher: IntersentiaPrint publication year: 2019