ostentar la titularidad

22:19 May 24, 2018 

That's my feeling, too. In other words, they're using an earlier frame of reference that's inconsistent with the new legislation.

22:11 May 24, 2018 

I wonder whether the writer is thinking of the titularidad of the data files or data sets (a point you raised in you comment on Phil's answer) as opposed to the data themselves. This distinction is of course fundamental.

The 1999 Spanish law (the famous Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal) uses the word "titularidad" precisely in this way. Chapter I of Title IV (Articles 20-24) is entitled "Ficheros de titularidad pública" and Chapter II (Articles 25-32) is "Ficheros de titularidad privada". In the definitions (Article 5) it clearly says "Afectado o interesado: Persona física titular de los datos que sean objeto del tratamiento", but the word "titularidad", which occurs many times in the text of this law, always refers to the ownership of the data files.

In other words, perhaps the writer means that they own the files containing the data (which is true) and has expressed this very loosely. Might that be the explanation?

15:04 May 24, 2018 

My point is that the question of "ownership" is debatable, i.e., neither the subject nor the controller can be said to own it, and that the GDPR tries precisely to avoid that issue by giving data subjects more say in what can be done with data about them.

The GDPR, while using phrases such as "own data", makes no specific reference to ownership, but rather, as you say, to "control" ("Natural persons should have control of their own personal data"). This is why I'd hesitate to use "control" here also; it might suggest that the "subject" has less control than the "controller".

Maybe the drafter meant to say "posesión", yet instead they opted for "titularidad", which is simply wrong, legally speaking, but it is what it is. I can't see any other option but ownership.

In data management, "data owner" is a term organizations use to describe what we would refer to in the specific case of personal data as the "data controller", presumably because they have traditionally viewed customer databases and mailing lists as just another area of their proprietary data. Perhaps this led to the drafter's confusion here.

http://www.businessdictionary.com/definition/data-owner.html

14:52 May 24, 2018 

It's actually Charles' suggestion; my suggestion is to use "ownership" but make a footnote regarding the dubious question of ownership in this area.

14:01 May 24, 2018 

el responsable del tratamiento es el responsable de los datos. el interesado es el titular. pero se los cede al responsable para los trate para las finalidades pactadas.
I'm still considering using Robert's "controls" suggestion though ...

11:03 May 24, 2018 

I've emailed the client, making these points and I'm waiting to hear back.

21:40 May 23, 2018 

This statement does seem to be nonsense, since the "titularidad" of personal data pertains to the data subject (certainly in Spain and I think just about everywhere), though not in the case of patient data in medical records, which belong to the hospital.

I take Robert's point here: "titularidad" definitely means ownership, and one view would be that even if it's apparently untrue we must translate it accurately, drawing attention to the anomaly in a footnote.

Another approach would be to use something that is true and is not too far from "titularidad" in meaning. I don't think "is responsible for" fits the bill, but "controls" might be a way out.

15:44 May 23, 2018 

There's a lot of translation being done in this field right now, so I think it's important we have a good understanding of the terms being used and why we should and shouldn't use one term or another. I don't think it's helpful to blur the lines even more by confusing ownership with responsibility or accountability, which are by any measure distinct concepts in law.

15:39 May 23, 2018 

I totally agree with you about not using the word "own" in this context, but the source text does use it, and I don't think it's right for us to correct it, although perhaps a footnote would be in order here. I've made a reference entry with my thoughts on the matter.

10:42 May 23, 2018 

"who has charge of"?