Difference between revisions of "Data Controller"
From MgmtWiki
(→Solutions) |
(→Solutions) |
||
Line 11: | Line 11: | ||
==Solutions== | ==Solutions== | ||
− | In this wiki we will use two terms that together seem to meet most definitions of [[Data Controller]] and more context to discuss the practical solutions. | + | In this wiki we will use two terms that together seem to meet most definitions of [[Data Controller]] and provide more context to discuss the practical solutions. |
#A [[Identifier or Attribute Provider]] is the source of [[User Information]] in any covered transaction on the internet. | #A [[Identifier or Attribute Provider]] is the source of [[User Information]] in any covered transaction on the internet. | ||
#A [[Relying Party]] is the sink of [[User Information]] in any covered transaction on the internet. | #A [[Relying Party]] is the sink of [[User Information]] in any covered transaction on the internet. |
Revision as of 09:20, 14 February 2021
Full Title or Meme
Some digital Entity on the internet that holds and processes User Information.
Context
- The GDPR uses the term term liberally but never defines it.
- Several "Member States" of the EU have defined the GDPR terms, for example Ireland.[1]
Problems
- The term Data Controller, is not helpful in understanding the practical consequences of the legislation putting the onus on the data controller to determin which legal jurisdition applies and what obligations apply to them.
Solutions
In this wiki we will use two terms that together seem to meet most definitions of Data Controller and provide more context to discuss the practical solutions.
- A Identifier or Attribute Provider is the source of User Information in any covered transaction on the internet.
- A Relying Party is the sink of User Information in any covered transaction on the internet.
Besides the two entities above a User Object containing User Information may exist at other locations, sometimes under the control of one of the above, sometimes not. See the diagram on the User Object Page for an example were the User Object may even be in an Authentication Cookie residing on the User Device.
References
- ↑ Irish Data Protection Commission, Are you a "data controller"? https://www.dataprotection.ie/docs/Are-you-a-Data-Controller/y/43.htm