On 29 July 2019, the Court of Justice of the European Union ("CJEU") rendered its judgment in the "Fashion ID" case (C-40/17).

The CJEU retained a broad concept on joint-controllership with regard to the processing of personal data due to the use of social media tools like certain embedded buttons. According to the CJEU, a website operator using such embedded features can be seen as acting as controller, jointly with the social media editor (i.e. Facebook), as these buttons permit the transmission of personal data (such as IP addresses) to the social media editor.

This decision shall be read in conjunction with previous decisions rendered by the CJEU in 2018, in particular one where an administrator of a Facebook page was considered as a joint-controller with Facebook (case C-210/16).

You may wish to read our full article regarding this case here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.