Data Controller

From IDESG Wiki
Revision as of 03:51, 28 June 2018 by Omaerz (talk | contribs) (15 revisions imported: Initial Upload of old pages from IDESG Wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Status: Proposed
This concept has been submitted as a new entry to the Glossary. It has not yet been validated or reviewed.

Description

An Entity that holds User Private Information stored within a computer system. In normal usage the User Agent is not considered to be a data controller.

Rationale

The controller is referred to in the General Data Protection Regulation as the subject that is able to control User Private Information in a User Object. The subject is expected to have continued real-world existence from one interchange to another.

Value and Context for Use in IDESG

The term Entity is commonly used in the IDESG documentation. This is only included based on the usage of the term "Controller" in the General Data Protection Regulation.

Formal Definition

An individual natural person, or an entity such as a company or agency, that maintains User Private Information at the consent of the user.

Source materials used

While this term is broadly used, there appears to be no formal definition at the international level.

  • In Ireland the term is defined as: the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. Being a data controller carries with it serious legal responsibilities, so you should be quite clear if these responsibilities apply to you or your organisation. If you are in any doubt, or are unsure about the identity of the data controller in any particular case, you should consult your legal adviser or seek the advice of the Data Protection Commissioner.
  • In the UK the term is defined as: a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Both of these definitions would seem to include a user's credential manager, but that is not likely to have been the intent of the authors.

Potential problems

None identified,

Disambiguation

Same term, different concept?

  • Add list item

Different term, same concept?