We continue our series of blog posts on the draft “Guidelines 07/2020 on the concepts of controller and processor in the GDPR” (“draft Guidelines”) issued by the European Data Protection Board (“EDPB”) on 7 September 2020. This issue focuses on the updates to the concept of joint controller. See our previous issues on the draft Guidelines’ proposed updates to the concepts of processor here and on controller here. Please note that the proposed Guidelines are subject to change in response to feedback received but are unlikely to be amended significantly in their final form.
Part 3: Focus on Joint Controllers
What is new in the draft Guidelines?
The draft Guidelines incorporate the holdings of recent judgments of the Court of Justice of the EU (“CJEU”) that expand and clarify the concepts of controller and joint controller.