[council] GDPR EPDP

Ayden Férdeline icann at ferdeline.com
Fri Jan 18 13:17:00 UTC 2019 

Thanks Erika, Flip-

This document has now been brought to the attention of the EPDP team on its mailing list by Stephanie Perrin. Thank you for sharing it.

Ayden

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, January 18, 2019 6:05 AM, Flip Petillion <fpetillion at petillion.law> wrote:

> Thank you for sharing Erika.
>
> Having read the guidance document, it remains clear that the distinction controller / processor is a functional one, which must be based on a factual analysis of the processing activities instead of the contractual qualification and/or incurred liability.
>
> The Belgian DPA considers that a processor must operate as a subcontractor for the controller and that he must always operate on the account of the controller and not on his own account.
>
> Regarding Joint Controllership Agreements (JCA), the Belgian DPA notes (freely translated):
>
>               “Joint controllers will have to determine their respective responsibilities in an agreement, pursuant to article 26 GDPR.”
>
>               and
>
> “The initiative taken when proposing a subcontracting agreement or the contractual imbalance that exists between parties during negotiations, does not preclude the status of controller or processor of the person/entity taking the initiative or having a dominant position in the negotiations. One must always make an analysis on the basis of the prescribed factual criteria in order to legally qualify the role of each actor in the processing activity.”
>
> The above is certainly important regarding part 3 of the EPDP Report (Data Processing Terms) and for determining the responsibilities of ICANN and the (non) contracted parties.
>
> Hope this is useful.
>
> Best,
>
> Flip
>
> Flip Petillion
>
> fpetillion at petillion.law
>
> +32484652653
>
> www.petillion.law
>
> [signature_694283322](http://www.petillion.law/)
>
>   Attorneys – Advocaten - Avocats
>
> From: council <council-bounces at gnso.icann.org> on behalf of Erika Mann <erika at erikamann.com>
> Date: Friday, 18 January 2019 at 09:55
> To: "council at gnso.icann.org" <council at gnso.icann.org>
> Subject: [council] GDPR EPDP
>
> All - Maybe helpful for your EPDP discussion’s. Keep in mind this document is released by the Belgian national DPA and not the European cross national board of DPAs. Nonetheless I assume that they will have discussed this with their colleagues but I had no chance (yet) to check this.
>
> Regards,
>
> Erika
>
> [Belgium's privacy watchdog publishes guidance on the notions of controller and processor](https://www.lexology.com/r.ashx?i=6685664&l=88SJB9G)
>
> CMS Belgium[CMS Belgium logo](http://www.cms-db.com/)
>
> [Belgium](https://www.lexology.com/hub/belgium) January 17 2019
>
> Recently, the Belgian Data Protection Authority (“[DPA](https://www.dataprotectionauthority.be/)”) published guidance on controller and processor concepts (see original documents in [French](https://www.autoriteprotectiondonnees.be/sites/privacycommission/files/documents/Notions_RT_ST.pdf) and in [Dutch](https://www.gegevensbeschermingsautoriteit.be/sites/privacycommission/files/documents/Begrippen_VW_OA.pdf)), refreshing the distinction between these two concepts and their implications.
>
> In view of recent questions about the qualification and concrete application of the concepts of controller and processor, the DPA has decided to recap the principles and definitions applicable to these concepts.
>
> Sent from my iPhone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/council/attachments/20190118/f74dc903/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7393 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/council/attachments/20190118/f74dc903/image001.png>

More information about the council mailing list