this is a very useful recent opinion; I find the highlighted article summarized the guidance in a helpful way. Stephanie Perrin -------- Forwarded Message -------- Subject: [council] GDPR EPDP Date: Fri, 18 Jan 2019 09:55:22 +0100 From: Erika Mann <erika@erikamann.com><mailto:erika@erikamann.com> To: council@gnso.icann.org<mailto:council@gnso.icann.org> All - Maybe helpful for your EPDP discussion’s. Keep in mind this document is released by the Belgian national DPA and not the European cross national board of DPAs. Nonetheless I assume that they will have discussed this with their colleagues but I had no chance (yet) to check this. Regards, Erika Belgium's privacy watchdog publishes guidance on the notions of controller and processor<https://www.lexology.com/r.ashx?i=6685664&l=88SJB9G> CMS Belgium[CMS Belgium logo]<http://www.cms-db.com/> Belgium<https://www.lexology.com/hub/belgium> January 17 2019 Recently, the Belgian Data Protection Authority (“DPA<https://www.dataprotectionauthority.be/>”) published guidance on controller and processor concepts (see original documents in French<https://www.autoriteprotectiondonnees.be/sites/privacycommission/files/docum...> and in Dutch<https://www.gegevensbeschermingsautoriteit.be/sites/privacycommission/files/...>), refreshing the distinction between these two concepts and their implications. In view of recent questions about the qualification and concrete application of the concepts of controller and processor, the DPA has decided to recap the principles and definitions applicable to these concepts. Sent from my iPhone