[MyData & Open Data] Data Subject = Data Controller - is it common?

Tue Mar 17 00:37:51 UTC 2015

There is a need for an analysis of compliance paradigms.  i.e. —> if the individual is also the data controller how does this impact data protection compliance? 

There is no language about this and I think (IMHO) there is a missing dichotomy between data subject and data subject + data controller, in law. 

E.g. The  Master Data Controller - as in the origin of data. 

I have lots of thoughts on this legal loophole.

We are working on a consent receipt specification which directly addresses this issue by building a consent receipt. 

We are almost at the point where we need techniqal  help to move the spec forward.  (if there are any developers out there) 

Best,

Mark 

- 

.   
> On 16 Mar 2015, at 16:02, stef <s at ctrlc.hu> wrote:
> 
> On Mon, Mar 16, 2015 at 05:59:25PM +0200, Antti Jogi Poikola wrote:
>> recently I have learned about couple of Finnish digital services (one
>> related to personal finances and other to personal consumption), where the
>> juridical arrangement was such that the service provider was not considered
>> data controller, but only data processor who worked on behalf of the
>> individual who was at the same time data subject and data controller.
>> 
>> Is this common practice - do you know any cases?
>> How does this impact to individuals rights over his own data?
> 
> this is a legal loophole. we have similar here in hungary, if challenged in a
> court is would not hold i think.
> 
> -- 
> otr fp: https://www.ctrlc.hu/~stef/otr.txt
> _______________________________________________
> mydata-open-data mailing list
> mydata-open-data at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/mydata-open-data