Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions
Journal of Intellectual Property, Information Technology and E-Commerce Law
; 12(3):342-369, 2021.
Article
in English
| Scopus | ID: covidwho-1905233
ABSTRACT
Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, “at this rate everyone will be a [joint] controller of personal data”. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of “joint control” and confront them with those pertaining to the notion of “identifiability”. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol’s architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor’s perspective. © 2021 Stephanie Rossello and Pierre Dewitte.
Search on Google
Collection:
Databases of international organizations
Database:
Scopus
Type of study:
Observational study
Language:
English
Journal:
Journal of Intellectual Property, Information Technology and E-Commerce Law
Year:
2021
Document Type:
Article
Similar
MEDLINE
...
LILACS
LIS