Data protection law responsibility structures in complex online actor networks

To date, data protection law has for the most part focused on contractual, usage and order relationships with fundamentally separated spheres of responsibility when addressing the  complex interplay of service providers, the technical infrastructure level and content providers in Web 2.0. As a result, it hardly does justice to the shared work cooperation in social networks, app services or complex online platforms. An article by Prof Mario Martini on the subject has already found an echo in a ruling by the ECJ (C-210/16 of 5.6.2018) on Facebook fan pages (Martini/Fritzsche, NVwZ-Extra 21/2015, 1–16). At the same time, the ECJ verdict has thrown up new questions that require a detailed examination and response.

In the meantime, the GDPR, to some extent, took a central legal challenge into account: it has introduced the possibility of joint responsibility in data protection law. The requirements of Art. 26 GDPR and its inherent room for manoeuvre now form the material from which the project will distil an appropriate distribution of responsibility areas and associated liability risks. The goal of the project is the normatively secured delimitation ofresponsibility structures on the Internet.

In particular, blockchain applications require new legal doctrine responses on responsibility. Up to now, the question how data protection law is to handle forms of decentralised data processing has remained open. Legally, certain responses are required in particular for innovative blockchain-based approaches in public administration and for the associated situations of a public-private partnership.

Contact us

Prof. Dr. Mario Martini


Dr. Jonas Botta