Between the Data Act and the GDPR:
Attributing Responsibility for Data Sharing
Between the Data Act and the GDPR:
Attributing Responsibility for Data Sharing
Author(s): Antoni NapieralskiSubject(s): Public Law, ICT Information and Communications Technologies
Published by: Wydawnictwo Naukowe Wydziału Zarządzania Uniwersytetu Warszawskiego
Keywords: data sharing; GDPR; Data Act; controller; user; data holder;
Summary/Abstract: The normative links between the GDPR and the Data Act increase the complexityof attributing responsibility for data sharing under the Data Act. Due to overlapsin the material scope of the GDPR and the Data Act, exercising access rightsstipulated by the DA leads to consequences in attributing controllership under theGDPR. Users who are not data subjects, together with third parties receiving therequested data, are likely to become joint controllers. Judicial interpretation ofthe concept of joint controllership effectively lowered the threshold of becoming a joint controller. In pursuit of the effective protection of the data subject, jointcontrollership becomes an unintended consequence of mechanisms introduced bythe Data Act.
Journal: Yearbook of Antitrust and Regulatory Studies (YARS)
- Issue Year: 17/2024
- Issue No: 29
- Page Range: 127-145
- Page Count: 19
- Language: English
