{"title":"重新思考云计算背景下GDPR下的角色分配","authors":"Cyril Fischer","doi":"10.1093/idpl/ipad023","DOIUrl":null,"url":null,"abstract":"Abstract • Cloud computing is a well-established and flourishing phenomenon, whose key activity on personal data is the storage thereof. This study analyses the allocation of the controller–processor roles under the General Data Protection Regulation (GDPR) to the cloud computing actors in the context of the storage of personal data. It examines the current controller–processor model and suggests a joint controllership interpretation to the EU regulators, as a more appropriate allocation of roles in the context of cloud computing. • We argue that the prevailing controller–processor interpretation stems from the current primacy of the purpose criterion, as well as the recognition of consent as a criterion to allocate controllership. This article suggests that cloud providers control some of the essential means of the storage of personal data, thereby shifting part of the control from cloud customers to cloud providers. • If the joint controllership approach was to be followed by the EU regulators, this article argues that it would better reflect the economic and technical reality, and provide a more appropriate responsibility and liability framework for cloud providers and customers, which in turn would enhance the level of protection that data subjects should benefit from under the GDPR.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"29 11","pages":"0"},"PeriodicalIF":2.6000,"publicationDate":"2023-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Re-thinking the allocation of roles under the GDPR in the context of cloud computing\",\"authors\":\"Cyril Fischer\",\"doi\":\"10.1093/idpl/ipad023\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract • Cloud computing is a well-established and flourishing phenomenon, whose key activity on personal data is the storage thereof. This study analyses the allocation of the controller–processor roles under the General Data Protection Regulation (GDPR) to the cloud computing actors in the context of the storage of personal data. It examines the current controller–processor model and suggests a joint controllership interpretation to the EU regulators, as a more appropriate allocation of roles in the context of cloud computing. • We argue that the prevailing controller–processor interpretation stems from the current primacy of the purpose criterion, as well as the recognition of consent as a criterion to allocate controllership. This article suggests that cloud providers control some of the essential means of the storage of personal data, thereby shifting part of the control from cloud customers to cloud providers. • If the joint controllership approach was to be followed by the EU regulators, this article argues that it would better reflect the economic and technical reality, and provide a more appropriate responsibility and liability framework for cloud providers and customers, which in turn would enhance the level of protection that data subjects should benefit from under the GDPR.\",\"PeriodicalId\":51749,\"journal\":{\"name\":\"International Data Privacy Law\",\"volume\":\"29 11\",\"pages\":\"0\"},\"PeriodicalIF\":2.6000,\"publicationDate\":\"2023-11-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Data Privacy Law\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1093/idpl/ipad023\",\"RegionNum\":4,\"RegionCategory\":\"社会学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"LAW\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Data Privacy Law","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1093/idpl/ipad023","RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}
Re-thinking the allocation of roles under the GDPR in the context of cloud computing
Abstract • Cloud computing is a well-established and flourishing phenomenon, whose key activity on personal data is the storage thereof. This study analyses the allocation of the controller–processor roles under the General Data Protection Regulation (GDPR) to the cloud computing actors in the context of the storage of personal data. It examines the current controller–processor model and suggests a joint controllership interpretation to the EU regulators, as a more appropriate allocation of roles in the context of cloud computing. • We argue that the prevailing controller–processor interpretation stems from the current primacy of the purpose criterion, as well as the recognition of consent as a criterion to allocate controllership. This article suggests that cloud providers control some of the essential means of the storage of personal data, thereby shifting part of the control from cloud customers to cloud providers. • If the joint controllership approach was to be followed by the EU regulators, this article argues that it would better reflect the economic and technical reality, and provide a more appropriate responsibility and liability framework for cloud providers and customers, which in turn would enhance the level of protection that data subjects should benefit from under the GDPR.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
