Data Protection Law in the EU - Roles, Responsibilities and Liability
Brendan VAN ALSENOY
Availability: Out of stock - available in 5 open days
- Categories: GDPR & Data Protection, April 2019
- Publisher: Intersentia Uitgevers
- Collection: KU Leuven Centre for IT & IP Law Series
- ISBN: 9781780688282
- Publication Date: 30/03/2019
- Binding: Paperback
- Number of pages: 695
Summary
EU data protection law imposes a series of requirements designed to
protect individuals against the risks that result from the processing of
their data. It also distinguishes among different types of actors
involved in the processing, setting out different obligations for each
actor. The most important distinction in this regard is the distinction
between “controllers” and “processors”. Together, these concepts provide
the very basis upon which responsibility for compliance with EU data
protection law is allocated. As a result, both concepts play a decisive
role in determining the potential liability of an organisation under EU
data protection law, including the General Data Protection Regulation
(GDPR).
Technological and societal developments have made it
increasingly difficult to apply the controller-processor model in
practice. The main factors are the growing complexity of processing
operations, the diversification of processing, services and the sheer
number of actors that can be involved. Against this background, this
book seeks to determine whether EU data protection law should continue
to maintain the controller-processor model as the main basis for
allocating responsibility and liability.
This book provides its
readers with the analytical framework to help them navigate the
intricate relationship of roles, responsibility and liability under EU
data protection law. The book begins with an in-depth analysis of the
nature and role of the controller and processor concepts. The key
elements of each are examined in detail, as is the associated allocation
of responsibility and liability. The next part contains a
historical-comparative analysis, which traces the origin and development
of the controller-processor model over time. To identify the main
problems that occur when applying the controller-processor model in
practice, a number of real-life use cases are examined (cloud computing,
social media, identity management and search engines). In the final
part, a critical evaluation is made of the choices made by the European
legislature in the context of the GDPR. It is clear that the GDPR has
introduced considerable improvements in comparison to EU Directive
95/46. In the long run, however, further changes may well be necessary.
By way of conclusion, a number of avenues for possible improvements are
presented.