Issue-14: How do what we talk about with 1st/3rd party,relate to European law about data controller vs data processor?

Frank and I have been working on text and finalized it today.

We prefer to keep our posting a short one, since most of the things that came up in our discussions are covered elsewhere.

In essence there are three categories of parties in the DNT debate:
- The party who determines the purposes, conditions and means of the data processing will be the data controler
- The party who processes data on behalf of the controller and a separate
legal entity than the controller is the data processor. The data processor
acts on behalf of the data controller. The relationship between both
parties is bound by a legal contract.
- Any other party who have no specific legitimacy or authorization in
processing personal data is a third party as in the residual category of
actors.

- Multi-parties: there can be use-cases where a controller determines the purposes, conditions and
means of the data processing jointly with others, the joint controllers must
determine the respective responsibilities for compliance.

Kind regards,
Frank, Rob

Received on Wednesday, 25 January 2012 15:28:22 UTC