Watching this thread has bewildered me a little.
From it I have gained the following thoughts:
* If you wish to delegate the processing of data, send it to a Data
Controller to process
* If you use a Data Processor to process your data you remain responsible
for the Data Processor's actions.
My challenge here is that when I engage another party to process my data I
am the data controller for the data and not them, whether they are data
controllers in their own right or not.
My instructions to them mean that the data is being processed according to
my desires and on my behalf. I do not pass them the data to control, for I
would be passing data to a third party without the consent of the data
subjects so passed.
I believe that I cannot rid myself of the responsibility of being the Data
Controller for the data however much I wriggle here. I also have the
feeling that the IC would look at this as the law intends, not in the way a
contract has been arranged. And the law surely intended the original Data
Controller to retain responsibility for the data.
_____________________________________________________________
Tim Trent
Chief Privacy Officer EMEA
Gartner
EMEA Marketing, Tamesis, The Glanty, Egham, Surrey, United Kingdom,
TW20 9AW
Switchboard +44 (0)1784 431 611, Direct Line +44 (0)1784 267 335, Mobile +44
(0)7710 126 618
Visit our home on the web: http://www.gartner.com
The opinions expressed in this message are my own, and may or may not
reflect those of my employer. They are expressed as a part of the
discussion on the JISCMail mailing list on data protection and for no other
purpose. They have no legal standing and are offered as part of informed
and informal discussion. They may NOT be attributed to Gartner in any way.
Any personal data provided is provided expressly for use of discussions on
the JISCMail Data Protection Discussion list. Under the UK Data Protection
Act 1998 I expressly forbid any individual or organisation to make
commercial use of my data published either on the email list or in the
archives of that or other lists whether this message appears or not. This
includes messages already published in the archives.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|