When/if an elected member acts on behalf of themselves in their ward they assume the role of data controller for the processing of constituent personal data, even though they may utilise council resources (i.e. laptop, ipad etc) when doing so.
Does it make any difference if an elected member carries out this work via a private email account (i.e. gmail.com) as opposed to using their council (@-------.gov.uk) provided one? I am trying to determine whether or not they need a separate privacy notice in addition to the generic council one I have written on their behalf, or whether they can rely on the same one because the purpose/s of the processing remains the same?
Although I know this was FOI related, but I am thinking back to the Michael Gove/Mrs Blurt scenario when it was decreed that it wasn't the platform used, but more the content/purpose that dictated?
Would welcome all views.
Regards
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|