top of page

Vol.15 Issue 1 (2019)

Web 2.0 and the Concept of ‘Data Controller’: Recent Developments in EU Data Protection Law

Maria Berger & David Eisendle

In order to operationalise the fundamental right to privacy, as reaffirmed by the Supreme Court in the landmark K.S. Puttaswamy judgment, the Indian government has recently introduced a draft data protection legislation. The present draft is inspired — to a considerable extent — by the EU’s GDPR and defines numerous key notions in largely identical terms. In view of these similarities, this paper seeks to examine the recent developments in the EU regarding the concept of ‘data controller’ and its application to what may be termed as a ‘Web 2.0 setting’. The paper commences with a review of the obligations imposed on controllers under the GDPR. Next, it introduces the ‘Web 2.0 setting’ and traces the evolution of the ‘data controller’ concept with the emergence of the internet. The paper then turns to a substantive analysis of the understanding of data controllers in a Web 2.0 context by examining the case of Wirtschaftsakademie Schleswig-Holstein, which concerns the potential joint controllership of Facebook and the administrator of a Facebook fan page. The final section challenges the interpretations of the concept previously adopted by the ECJ and provides suggestions to better realise the objectives of data protection law.


Honorary Professor at the University of Vienna School of Law – Department of European, International and Comparative Law, Austria; former Judge at the Court of Justice of the European Union, Minister of Justice of the Republic of Austria and Member of the European Parliament. ** Legal Secretary (référendaire) in the Chambers of Judge Andreas Kumin at the Court of Justice of the European Union, prior to that in the Chambers of Judge Maria Berger and Advocate General Juliane Kokott; law and business studies in Vienna (Austria), Hong Kong and St. Gallen (Switzerland); LL.M, B.Sc., LL.B.

bottom of page