Abstract

Recent case law of the CJEU has breathed new life into the concept of joint control. After years of oblivion (despite explicit guidance from the Article 29 Working Party) joint control is now gaining practical significance in the EU. All of a sudden it has become clear that it exists in various areas of our life, including social networks, capital groups, and even religious communities. Yet, despite all that, legal status of joint controllers still lacks clarity. It is indeed a very special time for the development of data protection law as the concept of joint control is becoming commonly used while still remaining commonly misunderstood. The article looks at both the lessons learned and future developments. It also attempts to answer some of the most pressing questions. Joint controllership is quite a dynamic legal institution in practice and its understanding may be subject to change. Thus, data protection practitioners should monitor changes in this respect.