Guidance on Article 29 Data Protection Working Party’s Opinion on Definitions of “Controller” and “Processor”
April 15, 2010
The Article 29 Working Party, the body of European data protection regulators, recently issued an opinion on the difference between a data “controller” and data “processor” in European data protection law. The distinction is important, since it determines who has responsibility for compliance with data protection rules—the controller is subject to scrutiny of the regulatory regime, while the processor has no such responsibility or real scrutiny. This update examines the Article 29 Working Party’s guidance.