The approach we have always taken is that as the barrister is acting on our instructions then we have to report the data breach, whilst making it clear that the barrister was the one at fault.
Whilst I don't particularly like it I think that a joint controller relationship is really the only one that is feasible in a barrister-public authority scenario if both are considered controllers but the public authority wants to retain some control.
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Jon Baines
Sent: 15 February 2019 11:59
To: [log in to unmask]
Subject: Re: [data-protection] data-protection Digest - 13 Feb 2019 to 14 Feb 2019 (#2019-33)
Scenario 1. Instructing person has a general obligation under Article 13 GDPR to provide information to the data subject, barrister has a general obligation under Article 14 GDPR to do so also.
Whether that happens is another matter (there are myriad examples where AA 13 and 14 are not complied with) and one would need to consider whether exemptions apply in the particular example.
Scenario 2. A plain reading of Article 33 would suggest that it is for the barrister to determine whether this is a notifiable personal data breach, and if so, to notify. In practice, it might well be that the instructing person also does so, but if I were them I would instead probably be taking steps to make it clear to everyone that I was not the responsible controller.
Jon Baines,
Chair,
NADPO
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|