Document Actions

Citation and metadata

Back to the article.

Recommended citation

Stephanie Rossello, Pierre Dewitte, Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions, 12 (2021) JIPITEC 342 para 1.

Download Citation

Endnote

%0 Journal Article
%T Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions
%A Rossello, Stephanie
%A Dewitte, Pierre
%J JIPITEC
%D 2021
%V 12
%N 3
%@ 2190-3387
%F rossello2021
%X Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, “at this rate everyone will be a [joint] controller of personal data”. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of “joint control” and confront them with those pertaining to the notion of “identifiability”. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol’s architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor’s perspective.
%L 340
%K COVID-19
%K GDPR
%K Joint control
%K centralisation
%K decentralisation
%K digital proximity tracing
%K identifiability
%K personal data
%U http://nbn-resolving.de/urn:nbn:de:0009-29-53370
%P 342-369
Download

Bibtex

@Article{rossello2021,
  author = 	"Rossello, Stephanie
		and Dewitte, Pierre",
  title = 	"Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions",
  journal = 	"JIPITEC",
  year = 	"2021",
  volume = 	"12",
  number = 	"3",
  pages = 	"342--369",
  keywords = 	"COVID-19; GDPR; Joint control; centralisation; decentralisation; digital proximity tracing; identifiability; personal data",
  abstract = 	"Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, ``at this rate everyone will be a [joint] controller of personal data''. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of ``joint control'' and confront them with those pertaining to the notion of ``identifiability''. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol's architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor's perspective.",
  issn = 	"2190-3387",
  url = 	"http://nbn-resolving.de/urn:nbn:de:0009-29-53370"
}
Download

RIS

TY  - JOUR
AU  - Rossello, Stephanie
AU  - Dewitte, Pierre
PY  - 2021
DA  - 2021//
TI  - Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions
JO  - JIPITEC
SP  - 342
EP  - 369
VL  - 12
IS  - 3
KW  - COVID-19
KW  - GDPR
KW  - Joint control
KW  - centralisation
KW  - decentralisation
KW  - digital proximity tracing
KW  - identifiability
KW  - personal data
AB  - Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, “at this rate everyone will be a [joint] controller of personal data”. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of “joint control” and confront them with those pertaining to the notion of “identifiability”. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol’s architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor’s perspective.
SN  - 2190-3387
UR  - http://nbn-resolving.de/urn:nbn:de:0009-29-53370
ID  - rossello2021
ER  -
Download

Wordbib

<?xml version="1.0" encoding="UTF-8"?>
<b:Sources SelectedStyle="" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography"  xmlns="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" >
<b:Source>
<b:Tag>rossello2021</b:Tag>
<b:SourceType>ArticleInAPeriodical</b:SourceType>
<b:Year>2021</b:Year>
<b:PeriodicalTitle>JIPITEC</b:PeriodicalTitle>
<b:Volume>12</b:Volume>
<b:Issue>3</b:Issue>
<b:Url>http://nbn-resolving.de/urn:nbn:de:0009-29-53370</b:Url>
<b:Pages>342-369</b:Pages>
<b:Author>
<b:Author><b:NameList>
<b:Person><b:Last>Rossello</b:Last><b:First>Stephanie</b:First></b:Person>
<b:Person><b:Last>Dewitte</b:Last><b:First>Pierre</b:First></b:Person>
</b:NameList></b:Author>
</b:Author>
<b:Title>Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions</b:Title>
<b:Comments>Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, “at this rate everyone will be a [joint] controller of personal data”. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of “joint control” and confront them with those pertaining to the notion of “identifiability”. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol’s architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor’s perspective.</b:Comments>
</b:Source>
</b:Sources>
Download

ISI

PT Journal
AU Rossello, S
   Dewitte, P
TI Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions
SO JIPITEC
PY 2021
BP 342
EP 369
VL 12
IS 3
DE COVID-19; GDPR; Joint control; centralisation; decentralisation; digital proximity tracing; identifiability; personal data
AB Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, “at this rate everyone will be a [joint] controller of personal data”. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of “joint control” and confront them with those pertaining to the notion of “identifiability”. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol’s architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor’s perspective.
ER
Download

Mods

<mods>
  <titleInfo>
    <title>Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions</title>
  </titleInfo>
  <name type="personal">
    <namePart type="family">Rossello</namePart>
    <namePart type="given">Stephanie</namePart>
  </name>
  <name type="personal">
    <namePart type="family">Dewitte</namePart>
    <namePart type="given">Pierre</namePart>
  </name>
  <abstract>Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, “at this rate everyone will be a [joint] controller of personal data”. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of “joint control” and confront them with those pertaining to the notion of “identifiability”. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol’s architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor’s perspective.</abstract>
  <subject>
    <topic>COVID-19</topic>
    <topic>GDPR</topic>
    <topic>Joint control</topic>
    <topic>centralisation</topic>
    <topic>decentralisation</topic>
    <topic>digital proximity tracing</topic>
    <topic>identifiability</topic>
    <topic>personal data</topic>
  </subject>
  <classification authority="ddc">340</classification>
  <relatedItem type="host">
    <genre authority="marcgt">periodical</genre>
    <genre>academic journal</genre>
    <titleInfo>
      <title>JIPITEC</title>
    </titleInfo>
    <part>
      <detail type="volume">
        <number>12</number>
      </detail>
      <detail type="issue">
        <number>3</number>
      </detail>
      <date>2021</date>
      <extent unit="page">
        <start>342</start>
        <end>369</end>
      </extent>
    </part>
  </relatedItem>
  <identifier type="issn">2190-3387</identifier>
  <identifier type="urn">urn:nbn:de:0009-29-53370</identifier>
  <identifier type="uri">http://nbn-resolving.de/urn:nbn:de:0009-29-53370</identifier>
  <identifier type="citekey">rossello2021</identifier>
</mods>
Download

Full Metadata

Bibliographic Citation Journal of intellectual property, information technology and electronic commerce law 12 (2021) 3
Title

Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions (eng)
Author Stephanie Rossello, Pierre Dewitte
Language eng
Abstract Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, “at this rate everyone will be a [joint] controller of personal data”. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of “joint control” and confront them with those pertaining to the notion of “identifiability”. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol’s architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor’s perspective.
Subject COVID-19, GDPR, Joint control, centralisation, decentralisation, digital proximity tracing, identifiability, personal data
DDC 340
Rights DPPL
URN: urn:nbn:de:0009-29-53370
JIPITEC – Journal of Intellectual Property, Information Technology and E-Commerce Law
Article search
Extended article search
Newsletter
Subscribe to our newsletter
Follow Us
twitter
 
Navigation