Data Controller
Latest revision as of 00:25, 15 February 2020
Full title or Meme
An Entity that holds User Private Information stored within a computer system. In normal usage the User Agent is not considered to be a data controller.
Context
The controller is referred to in the General Data Protection Regulation as the subject that is able to control User Private Information in a User Object. The subject is expected to have continued real-world existence from one interchange to another.
Value and Context for Use in IDESG
The term Entity is commonly used in the IDESG documentation. The term Data Controller is included here only because of the usage of the term "Controller" in the General Data Protection Regulation.
Formal Definition
An individual natural person, or an entity such as a company or agency, that maintains User Private Information with the consent of the user.
Source materials used
While this term is broadly used, there appears to be no formal definition at the international level.
- In Ireland the term is defined as: the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. Being a data controller carries with it serious legal responsibilities, so you should be quite clear if these responsibilities apply to you or your organisation. If you are in any doubt, or are unsure about the identity of the data controller in any particular case, you should consult your legal adviser or seek the advice of the Data Protection Commissioner.
- In the UK the term is defined as: a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Both of these definitions would seem to include a user's credential manager, but that is not likely to have been the intent of the authors.
Potential problems
- User Notice is required by most regulations, which requires the controller to maintain some sort of data channel to the user that is not subject to user control.
Disambiguation
Same term, different concept?
Different term, same concept?
- Entity: the formal IDESG term for a natural or legal person that stores User Private Information within a running computer system.
- PII Controller is (sort of) defined in the Consent Receipt.
References
Wiki Pages
That reference the Data Controller
- User Notice
- User recovery and redress