A joint controllership is when two controllers both determine the purposes and means of the processing of personal data, and both are jointly responsible for GDPR compliance.
For this assessment, the label you apply to each party does not matter. If both parties determine the purposes and means of processing, they are considered joint controllers. Several cases from the European Court of Justice (ECJ) have confirmed this. For example, in the Facebook Fan Page judgement (C-210/16), the ECJ concluded that a fan page administrator was in a joint controllership with Facebook. This is because the administrator used Facebook Insights to collect and process visitors' information. According to the ECJ, this assisted Facebook in its processing.
Being joint controllers does imply equal responsibility for the processing. However, data subjects may still contact each of the controllers to exercise their rights under the GDPR.