Initial publication
According to Article 3 of the Federal Law "On Personal Data", the operator is a state body, a municipal body, a legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, composition of personal data to be processed, actions (operations) performed with personal data.
This norm identifies two criteria, in the presence of which a person qualifies as an operator of personal data:
organization and (or) implementation of the processing of personal data;
determination of the purposes of processing personal data, the composition of the processed personal data and actions (operations) performed with personal data.
A closer look at the definition of a personal data operator raises the question of whether a person must meet both or one of these criteria in order to qualify as an operator.
Often, the organization and (or) the processing of personal data can be performed by a person acting on behalf of another person (principal) and not determining the purpose, composition and operations of processing personal data. A typical example of such a person is a hosting provider that stores and otherwise processes personal data on behalf of a client. In such a relationship, the client meets both criteria of the operator, while the hosting provider meets only the criterion for organizing and (or) processing personal data, provided that the client independently determines the goals, composition and operations of processing personal data, and the hosting provider does not use such personal data for its own purposes. In the case when the hosting provider, for one reason or another and reason (or not), determines the goals,the composition and operations of processing personal data, regardless of the client, such activities of the hosting provider meet both criteria of the operator.
, , , , () . , , , , « », .1 , , , , .
, , . , , . , .
, - , . , - . -, - , , , , .
, , - . , , .3 .6 « ». , , , .
, , , . , - , ( ), . , , - , .
, .4 .6 « », , , . .5 , , , , - ( , ). , , , .
, , , – GDPR ( ( ( ) 2016/679)), 4 «», , «», , . «» , , , -. , « » GDPR, , , .
, , . .28 GDPR , , « » , , - , , , , , , .