Data Controller: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
mNo edit summary
 
(3 intermediate revisions by the same user not shown)
Line 2: Line 2:
An [[Entity]] that holds [[User Private Information]] stored within a computer system. In normal usage the [[User Agent]] is not considered to be a data controller.
An [[Entity]] that holds [[User Private Information]] stored within a computer system. In normal usage the [[User Agent]] is not considered to be a data controller.


== Rationale ==
==Context==
The controller is referred to in the [[General Data Protection Regulation]] as the subject that is able to control [[User Private Information]] in a [[User Object]]. The subject is expected to have continued real-world existence from one interchange to another.
The controller is referred to in the [[General Data Protection Regulation]] as the subject that is able to control [[User Private Information]] in a [[User Object]]. The subject is expected to have continued real-world existence from one interchange to another.


Line 31: Line 31:


==References==
==References==
===Wiki Pages===
That reference the [[Data Controller]]
* [[User Notice]]
* [[User recovery and redress]]
[[Category:Glossary]]
[[Category:Glossary]]
[[Category:Privacyy]]
[[Category:Privacy]]

Latest revision as of 00:25, 15 February 2020

Full title or Meme

An Entity that holds User Private Information stored within a computer system. In normal usage the User Agent is not considered to be a data controller.

Context

The controller is referred to in the General Data Protection Regulation as the subject that is able to control User Private Information in a User Object. The subject is expected to have continued real-world existence from one interchange to another.

Value and Context for Use in IDESG

The term Entity is commonly used in the IDESG documentation. This is only included based on the usage of the term "Controller" in the General Data Protection Regulation.

Formal Definition

An individual natural person, or an entity such as a company or agency, that maintains User Private Information at the consent of the user.

Source materials used

While this term is broadly used, there appears to be no formal definition at the international level.

  • In Ireland the term is defined as: the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. Being a data controller carries with it serious legal responsibilities, so you should be quite clear if these responsibilities apply to you or your organisation. If you are in any doubt, or are unsure about the identity of the data controller in any particular case, you should consult your legal adviser or seek the advice of the Data Protection Commissioner.
  • In the UK the term is defined as: a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Both of these definitions would seem to include a user's credential manager, but that is not likely to have been the intent of the authors.

Potential problems

  • User Notice is require by most regulations which requires the controller to maintain some sort of data channel to the user which is not subject to user control.

Disambiguation

Same term, different concept?

  • Add list item

Different term, same concept?

References

Wiki Pages

That reference the Data Controller