I agree with Peter and Charlene.
However in not dissimilar situations I have been faced with suppliers who are adamant, even before the Facebook fan page judgement, that they are it least in part, but not for all purposes (see Art 26(1) ) a controller.
Argument along the lines:
Supplier is likely to be categorised as a controller along with client at least in some elements of the application The rationale for this view is based on the following:
a. supplier has developed the application in particular choosing how the app operates in relation to collection and processing of [login] personal data;
b. Supplier therefore exercises a material degree of control over deciding what personal data is collected ; and
c. Supplier has autonomy in relation to the manner in which such personal data is collected and processed through the app, how long such data is stored for, who generally has access to it and how that data is presented.
d. So while supplier could argued to be merely providing a tool, supplier independently determined how the data collection takes place and is taking a more active role than simply following the instructions of client.
My view = all irrelevant. Client free CHOICE to procure and use that tool breaks any such link.
All archives of messages are stored permanently and are
available to the world wide web community at large at
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)