We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
from PART V - RECOMMENDATIONS
Published online by Cambridge University Press: 26 June 2019
1352. OUTLINE – The aim of this Chapter is to outline possible avenues for further improving the allocation of responsibility and liability among actors involved in the processing of personal data. The following recommendations shall be presented:
abolish the concepts of controller and processor or revise the definitions;
use standards and exemptions to mitigate risks of overinclusion;
require the providers of processing services to implement data protection by design;
enhance contractual flexibility in the relationship between controllers and processors; and
expand the scope of the personal use exemption.
ABOLISH THE CONCEPTS OR REVISE THE DEFINITIONS
1353. Supporting differentiation – As indicated earlier, many issues associated the controller-processor model relate to the concepts of controller and processor, rather than the policy choice of differentiating between parties involved in the processing. For this reason alone, it is worth considering whether it is possible to omit the problematic concepts of controller and processor, while still supporting differentiation as regards the allocation of responsibility and liability. Using the liability provisions of the GDPR as the point of departure, the following paragraphs will outline how the GDPR might be revised to support such differentiation whilst omitting the concepts of controller and processor. Next, a proposal for possible revisions to the controller and processor and concepts will be presented.
ABOLISHING THE CONCEPTS
1354. ARTICLE 82 GDPR – Article 82 of the GDPR provides that
“1. Any person who has suffered material or immaterial damage as a result of an infringement of the Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.
2. Any controller involved in the processing shall be liable for the damage caused by the processing which is not in compliance with this Regulation. A processor shall be liable for the damage caused by the processing only where it has not complied with obligations of this Regulation specifically directed to processors or acted outside or contrary to lawful instructions of the controller.
3. A controller or processor shall be exempted from liability in accordance with paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage.”
To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.
Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.
Find out more about the Kindle Personal Document Service.
To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.
To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.
