Full Disclosure
Joel Harrison
ukcrypto at chiark.greenend.org.uk
Tue, 29 Apr 2008 11:36:47 +0100
On 4/29/08, Charles Lindsey <chl@clerew.man.ac.uk> wrote:
> > If I (as data controller) make a permitted controller-to-processor
> > transfer outside the EEA then, again, I'm responsible for whatever the
> > processor does. But that's no different from a transfer to a
> > processor in another EEA member state, or indeed if the data remains
> > within the same EEA member state....
> >
>
> But here we are talking about a cookie that resides on Joe User's machine
> and which he transfers to a website (possibly in Peru). So Joe User is the
> data conmtroller here (though he might be able to claim in court that Phorm
> had incited him to make that unlawful transfer).
>
Joe User is the data subject, because the data relates to him. He's
not ending up in court, except possibly as a claimant.