Dr Brendan Van Alsenoy has written a comprehensive and detailed account of the foundational distinction between controllers and processors in EU data protection law. It is a versatile book that may also serve as a reference on the law in this area as well as an excellent historical-comparative survey of its development.

Part I introduces the book’s central research questions, structure and background.

Part II details the state of the art in EU data protection law, its scope and key principles and how those factors allocate responsibility and liability to controllers and processors. It is a careful and thoughtful analysis of law and regulatory guidance, with much to interest both practitioners and academics.