France’s data protection authority, the Commission nationale de l'informatique et des libertés, published guidance on the identification of a “controller,” “subcontractor,” and “joint principal” under the EU General Data Protection Regulation. Each role influences “the nature and extent of their responsibilities” regarding data, the CNIL said, and each must be identified “as soon as possible.” The CNIL said the guidance includes details on legal criteria, qualifications to consider and more.
CNIL publishes guidance on data processing roles under EU GDPR
Related stories
Hallucinations in LLMs: Technical challenges, systemic risks and AI governance implications
What the US Supreme Court's decision upholding Texas law means for data privacy
The next chapter for ROPAs
Notes from the AI Governance Center: The importance of trust in AI governance
El proyecto de ley de datos personales recibe media sanción en la Cámara Baja de Paraguay
