Joint Controllers

18 Feb 2020

Joint Controllers are two or more parties that together decide the purposes and/or means of how personal data is used.

Article 26(1) GDPR provides the definition of the joint controllership: “Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers”.

The EDPS Guidelines on the concepts of controller, processor and joint controllership under Regulation (EU) 2018/1725 sums up: “a ‘general’ level of complementarity and unity of purpose could already trigger a situation of joint controllership, if the purposes and (essential elements of the) means of the processing operation are jointly determined.”

Article 26(1) and 26(2) GDPR lays out the obligations of the joint controllers that should be regulated in an arrangement (read agreement). The essential elements of the arrangement should be published to the data subjects.

Irrespectively of how the joint controllers have allocated their obligations in the agreement, the data subject may exercise his or her rights under the GDPR in respect of and against each of the Data Controllers.

Synonyms:

joint controllership, joint data controllers

Related Terms:

European Essential Guarantees Recommendations

Data Protection Officer (DPO) guide

DPO conflict of interest

New SCCs from EU – the Definitive Guide

Legitimate Interest Assessment – all You Need to Know

GDPR article 49 derogations applicable to international transfers

How GDPR Affects Recruitment

Retention Policy – An overview

Joint Controllers

Follow to stay updated

most viewed

Schrems II a summary – all you need to know

What is a Personal Data Breach?

Audit Powers of the Data Protection Authority: How to Prepare

trending now

DPO conflict of interest

Schrems II a summary – all you need to know

Extra sensitive data