processor language

If we get to definitions again, then an option is to get the paragraph 
in the draft again that deals with first, third parties and service 
providers.

"For the EU, the outsourcing scenario is clearly regulated. In the 
current EU Directive 95/46/EC, but also in the suggested regulation 
reforming the data protection regime, an entity using or processing data 
is subject to data protection law. A First Party (EU: data controller) 
is an entity or multiple entities (EU: joint data controller) who 
determines the purposes, conditions and means of the data processing 
will be the data controller. A service provider (EU: data processor) is 
an entity with a legal contractual relation to the Data Controller. The 
Service Provider does determine the purposes, conditions and means of 
the data processing, but processes data on behalf of the controller. The 
data processor acts on behalf of the data controller and is a separate 
legal entity. An entity acting as a first party and contracting services 
of another party is responsible for the overall processing. A third 
party is an entity with no contractual relation to the Data Controller 
and no specific legitimacy or authorization in processing personal data. 
If the third party has own rights and privileges concerning the 
processing of the data collected by the first party, it isn't a data 
processor anymore and thus not covered by exemptions. This third party 
is then considered as a second data controller with all duties attached 
to that status. As the pretensions of users are based on law, they apply 
to first and third party alike unless the third party acts as a mere 
data processor."

Received on Thursday, 21 June 2012 21:57:32 UTC