Full title or Meme
The controller is referred to in the General Data Protection Regulation as the subject that is able to control User Private Information in a User Object. The subject is expected to have continued real-world existence from one interchange to another.
Value and Context for Use in IDESG
An individual natural person, or an entity such as a company or agency, that maintains User Private Information at the consent of the user.
Source materials used
While this term is broadly used, there appears to be no formal definition at the international level.
- In Ireland the term is defined as: the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. Being a data controller carries with it serious legal responsibilities, so you should be quite clear if these responsibilities apply to you or your organisation. If you are in any doubt, or are unsure about the identity of the data controller in any particular case, you should consult your legal adviser or seek the advice of the Data Protection Commissioner.
- In the UK the term is defined as: a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Both of these definitions would seem to include a user's credential manager, but that is not likely to have been the intent of the authors.
- User Notice is require by most regulations which requires the controller to maintain some sort of data channel to the user which is not subject to user control.
Same term, different concept?
- Add list item
Different term, same concept?
- Entity: the formal IDESG term for a natural or legal person that stores User Private Information within a running computer system.
- PII Controller is (sort of) defined in the Consent Receipt.
That reference the Data Controller