JISCMail - DATA-PROTECTION Archives

Hi Amy,

I think your initial question is the right one to consider - can one Data Controller seek consent from data subjects in relation to processing that will be undertaken by another Data Controller and is that consent sufficient to allow the processing?  The short answer is yes.

I think the issue is whether consent is informed and permits the transfer, it doesn't strictly matter whether this is done 'on behalf of' DC B.   There may be an issue for DC B to satisfy valid consent for processing, though.  

However, given the situation you describe, even with consent in place, I'm not sure how DC A gets DC B to transfer the information  (as the data is actually held by DC B and not DC A?).  Without a contract, or a court order ordering transfer, DC A might decide to collect the data itself, and transfer it, or the third party collects it, or data subjects get the information under subject access and provide it to the third party directly.


I hope that helps.

Regards,
Jackie. 

Jackie Milne | Legal Information Specialist | Jisc Legal | T 0141 548 4939  | E [log in to unmask] Information Service Directorate, University of Strathclyde, Turnbull Building,155 George Street, Glasgow, G1 1RD

Jisc Legal, a part of Jisc, is hosted by the University of Strathclyde, a charitable body, registered in Scotland, with registration number SC015263	 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^