Issue-14: (Re: technical, business, legal definitions)

repost due to new rule Matthias..

In essence there are three categories of parties in the DNT debate:
- The party who determines the purposes, conditions and means of the 
data processing will be the data controler
- The party who processes data on behalf of the controller and a separate
legal entity than the controller is the data processor. The data processor
acts on behalf of the data controller. The relationship between both
parties is bound by a legal contract.
- Any other party who have no specific legitimacy or authorization in
processing personal data is a third party as in the residual category of

- Multi-parties: there can be use-cases where a controller determines 
the purposes, conditions and
means of the data processing jointly with others, the joint controllers 
determine the respective responsibilities for compliance.

There is overlap with the technical terms used in our discussions. The 
outcome is:

- 1st Party (Data Controller)
- Service Provider (Data Processor), because of contractual relation to the Data Controller
- 3rd Party (3rd Party)

On 26-1-2012 11:37, wrote:
> I am fine with that. please use it in the text proposal.
> Shane Wiley wrote:
>> I cannot think of any cases where a Service Provider is not somehow
>> receiving compensation for their services from the 1st Party.  If it
>> helps, we can add this to the definition to make it very clear.
>> - Shane
>> -----Original Message-----
>> From: []
>> Sent: Thursday, January 26, 2012 10:00 AM
>> To: Shane Wiley
>> Cc: Haakon Bratsberg; Karl Dubost;;
>> Subject: RE: technical, business, legal definitions
>> Question, is there any contractual realtion between the controller and the
>> Service Provider? I mean, if there is a money-flow, there will most likely
>> be a paper trail.
>> If so, then Shane is correct.
>> Rob
>> Shane Wiley wrote:
>>> Haakon,
>>> Agreed - but our extended Service Provider definition includes "with no
>>> independent rights to use the data outside of 1st party direction" which
>>> is fairly aligned with the general legal tenets of a Data Processor
>>> definition.
>>> Again - open for subjective interpretation due to the lack of more
>>> detail
>>> but generally "very close".
>>> - Shane
>>> -----Original Message-----
>>> From: Haakon Bratsberg []
>>> Sent: Wednesday, January 25, 2012 7:13 PM
>>> To: Shane Wiley
>>> Cc: Karl Dubost;;
>>> (
>>> Subject: Re: technical, business, legal definitions
>>> On 25. jan. 2012, at 18:53, Shane Wiley<>  wrote:
>>>> Generally whether expected or not, we've come close to this same
>>>> structure (to some degree) with the following terms:
>>>> - 1st Party (Data Controller)
>>>> - Service Provider (Data Processor)
>>>> - 3rd Party (3rd Party)
>>> I do not expect Service Provider = Data Processor to be globally true.
>>> It
>>> depends on the legal relationship between 1st Part and Service Provider.
>>> Haakon
>>>> - Shane
>>>> -----Original Message-----
>>>> From: Karl Dubost []
>>>> Sent: Wednesday, January 25, 2012 9:57 AM
>>>> To:
>>>> Cc: (
>>>> Subject: technical, business, legal definitions
>>>> This morning in Bruxelles, Roy proposed to use the definitions of
>>>> European commission prose about
>>>> * Processor
>>>> * Third Parties
>>>> * Controller
>>>> Rob said that it was better to focus on technical definitions, than the
>>>> legal, business ones of Europe. Currently, I have the feeling that our
>>>> definitions are _not_ technical specifically in the compliance
>>>> document.
>>>> A technical definition of 1st party/3rd party in terms of the HTTP
>>>> protocol will be very defined but it's not what we have done so far.
>>>> --
>>>> Karl Dubost -
>>>> Developer Relations, Opera Software

Received on Thursday, 26 January 2012 14:52:13 UTC