The Data Protection Officer’s guide to data ownership

Sofia Carroll of Naomi Korn Associates clarifies any confusion surrounding data ownership in the context of DP law and intellectual property.

The UK General Data Protection Regulation (UK GDPR) sets the rules for processing personal data, but “ownership” is sometimes included in the meaning of having “control” over this data.

Since the implementation of the UK GDPR, people have been more proactive in asking for explanations from organisations about how they use their personal data and for what purposes. Because of the language used and the meaning it connotes outside of the legal context, talking of “my personal data” and “personal data we (controllers) use” brings in the notion of “ownership” of this information, which is not a question to which data protection has the answer. While the UK GDPR sets out rules and restrictions of using this personal data, controllership of personal data is not the same as owning it in this context. Instead, data and information ownership is an issue that is dealt with by intellectual property (IP) law. It is often the DPO’s task to make this subtle but important distinction when responding to personal data complaints, managing processors and reviewing contracts.

Continue Reading

UK Report subscribers, please login to access the full article

LOGIN

If you wish to subscribe, please see our subscription information.

Subscribe