Schrift vergrößern Schrift verkleinern Kontrast ändern zurücksetzen


German Research Institute for Public Administration

Controllership under data protection law in complex online stakeholder networks

Data protection law governs the complex interplay between service providers, technical infrastructure and providers of content on Web 2.0, primarily along linear relationships of a contractual, use-based and order-related nature with generally separate spheres of responsibility so far. This hardly takes account of the division of labour for collaboration in social networks, in the case of app services and on complex online platforms. Meanwhile, an essay by Prof. Mario Martini has found echo in the ECJ case law (C-210/16 v. 5.6.2018) on Facebook fanpages (see Martini/Fritzsche, NVwZ-Extra 21/2015, 1-16). At the same time, the judgment raises new questions which need to be examined and answered.

On top, the problem of joint controllership has now been addressed by Art. 26 GDPR. The requirements set out in the Regulation and the inherent scope for interpretation now form the basic material from which the project will glean an appropriate distribution of areas of responsibility as controller and the associated liability risks. There is a particular need for this in the case of different levels of involvement and situations of mixed participation of public and private bodies.

Blockchain applications particularly call for new dogmatic structures - especially in public administration and associated situations of public private partnerships. So far, it remains an unanswered question how data protection law will deal with the challenges posed by decentralized data processes like in blockchain and distributed ledger technology. The project seeks to find appropriate answers and recommendations.


  • Martini, Mario, in: Paal, Boris P./Pauly, Daniel A. (Hrsg.), Datenschutz-Grundverordnung. Kommentar, 2017,
    • Art. 24 (Verant­wortung des für die Ver­arbeitung Ver­antwort­lichen),
    • Art. 25 (Daten­schutz durch Technik­gestaltung und durch daten­schutz­freundliche Vor­einstellungen),
    • Art. 26 (Gemeinsam für die Ver­arbeitung Ver­antwort­liche),
    • Art. 27 (Ver­treter von nicht in der Union nieder­gelassenen Ver­antwortlichen oder Auftrags­verarbeitern),
    • Art. 28 (Auftrags­verarbeiter),
    • Art. 29 (Ver­arbeitung unter der Aufsicht des Ver­antwort­lichen oder des Auftrags­verarbeiters),
    • Art. 30 (Ver­zeichnis der Ver­arbeitungs­tätig­keiten),
    • Art. 31 (Zusammen­arbeit mit der Aufsichts­behörde).

Note: The text on this home page is copyrighted. It is taken verbatim or based on Martini, "Digitalisierung als Herausforderung und Chance für Staat und Verwaltung" (Digitalisation as Challenge and Chance for State and Administration), FÖV Discussion Paper No. 85, 2016, in particular p. 70 ff.


Senior Fellow

Prof. Dr. Mario Martini



David Wagner

David Wagner



Tobias Rehorst