€139.00 incl. VAT €131.13 excl. VAT
Student price: €55.00
Available shipped within 3-5 business days
100% secure payment
payments maestro mastercard visa payments
Questions about this product? Contact our customer service

Data Protection Law in the EU: Roles, Responsibilities and Liability

Book | 1st edition 2019 | United Kingdom | Brendan Van Alsenoy

EU data protection law imposes a series of requirements designed to protect individuals against the risks that result from the processing of their data. It also distinguishes among different types of actors involved in the processing, setting out different obligations for each actor. The most important distinction in this regard is the distinction between “controllers” and “processors”. Together, these concepts provide the very basis upon which responsibility for compliance with EU data protection law is allocated. As a result, both concepts play a decisive role in determining the potential liability of an organisation under EU data protection law, including the General Data Protection Regulation (GDPR).

Technological and societal developments have made it increasingly difficult to apply the controller-processor model in practice. The main factors are the growing complexity of processing operations, the diversification of processing, services and the sheer number of actors that can be involved. Against this background, this book seeks to determine whether EU data protection law should continue to maintain the controller-processor model as the main basis for allocating responsibility and liability.

This book provides its readers with the analytical framework to help them navigate the intricate relationship of roles, responsibility and liability under EU data protection law. The book begins with an in-depth analysis of the nature and role of the controller and processor concepts. The key elements of each are examined in detail, as is the associated allocation of responsibility and liability. The next part contains a historical-comparative analysis, which traces the origin and development of the controller-processor model over time. To identify the main problems that occur when applying the controller-processor model in practice, a number of real-life use cases are examined (cloud computing, social media, identity management and search engines). In the final part, a critical evaluation is made of the choices made by the European legislature in the context of the GDPR. It is clear that the GDPR has introduced considerable improvements in comparison to EU Directive 95/46. In the long run, however, further changes may well be necessary. By way of conclusion, a number of avenues for possible improvements are presented.

Dr Brendan Van Alsenoy is a Legal Advisor at the Belgian Data Protection Authority and a senior affiliated researcher at the KU Leuven Centre for IT & IP Law, and co-editor of Privacy & Persoonsgegevens. He has previously worked as a legal researcher at the KU Leuven Centre for IT & IP Law, with a focus on data protection and privacy, intermediary liability and trust services. In 2012, he worked at the Organisation for Economic Co-operation and Development (OECD) to assist in the revision of the 1980 OECD Privacy Guidelines.

Digital version available on :

  • Strada lex Belgium

You have a subscription? Activate the digital version for free with the code in the book.

Technical info
More Information
Type of product Book
Format Hardback
EAN / ISSN 9781780688282 / 9781780688459
Series name KU Leuven Centre for IT & IP Law Series
Weight 1290 g
Status Available
Number of pages xxv + 694 p.
Access to exercice No
Publisher Intersentia
Language English
Publication Date Mar 29, 2019
Available on Jurisquare Yes
Available on Strada Belgique Yes
Available on Strada Europe No
Available on Strada Luxembourg No


  • Table of contents and preliminary pages
  • Part I. Introduction
  • Chapter 1. Background
  • Chapter 2. Problem Statement
  • Chapter 3. Research Questions
  • Chapter 4. Structure and Methodology
  • Part II. State of the Art
  • Chapter 1. Introduction
  • Chapter 2. Scope of EU Data Protection Law
  • Chapter 3. Basic Protections
  • Chapter 4. Allocation of Responsibility
  • Chapter 5. Liability Exposure of Controllers and Processors
  • Chapter 6. Specific Issues
  • Chapter 7. Additional Functions of the Controller and Processor Concepts
  • Part III. Historical-Comparative Analysis
  • Chapter 1. Introduction
  • Chapter 2. The Emergence of Data Protection Law
  • Chapter 3. National Data Protection Laws Before 1980
  • Chapter 4. International Instruments
  • Chapter 5. National Data Protection Laws After 1981
  • Chapter 6. Directive 95/46/EC
  • Chapter 7. General Data Protection Regulation
  • Chapter 8. Conclusion
  • Part IV. Use Cases
  • Chapter 1. Introduction
  • Chapter 2. E-Government Identity Management
  • Chapter 3. Online Social Networks
  • Chapter 4. Cloud Computing
  • Chapter 5. Internet Search Engines
  • Part V. Recommendations
  • Chapter 1. Introduction
  • Chapter 2. Typology of Issues
  • Chapter 3. Typology of Solutions
  • Chapter 4. Recommendations
  • Chapter 5. Conclusion
Reading material