France’s data protection authority, the Commission nationale de l'informatique et des libertés, published guidance on the identification of a “controller,” “subcontractor,” and “joint principal” under the EU General Data Protection Regulation. Each role influences “the nature and extent of their responsibilities” regarding data, the CNIL said, and each must be identified “as soon as possible.” The CNIL said the guidance includes details on legal criteria, qualifications to consider and more.
CNIL publishes guidance on data processing roles under EU GDPR
Related stories
Notes from the Asia-Pacific region: Australia eSafety Commissioner launches social media age restrictions hub
EU Data operational impacts: The Data Act's interplay within the EU digital rulebook
Notes from the IAPP Europe: A focus on the Digital Networks Act
The 2025 Brazilian DPO: Navigating high risks with limited runways
PETs: Beyond privacy-enhancing
