Data Controller: Difference between revisions
m (15 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Revision as of 03:51, 28 June 2018
Status: Proposed
This concept has been submitted as a new entry to the Glossary. It has not yet been validated or reviewed.
Description
An Entity that holds User Private Information stored within a computer system. In normal usage the User Agent is not considered to be a data controller.
Rationale
The controller is referred to in the General Data Protection Regulation as the subject that is able to control User Private Information in a User Object. The subject is expected to have continued real-world existence from one interchange to another.
Value and Context for Use in IDESG
The term Entity is commonly used in the IDESG documentation. This is only included based on the usage of the term "Controller" in the General Data Protection Regulation.
Formal Definition
An individual natural person, or an entity such as a company or agency, that maintains User Private Information at the consent of the user.
Source materials used
While this term is broadly used, there appears to be no formal definition at the international level.
- In Ireland the term is defined as: the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. Being a data controller carries with it serious legal responsibilities, so you should be quite clear if these responsibilities apply to you or your organisation. If you are in any doubt, or are unsure about the identity of the data controller in any particular case, you should consult your legal adviser or seek the advice of the Data Protection Commissioner.
- In the UK the term is defined as: a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Both of these definitions would seem to include a user's credential manager, but that is not likely to have been the intent of the authors.
Potential problems
None identified,
Disambiguation
Same term, different concept?
- Add list item
Different term, same concept?
- Entity: the formal IDESG term for a natural or legal person that stores User Private Information within a running computer system.
- PII Controller is (sort of) defined in the Consent Receipt.