Shifting Responsibilities: The Challenges of Joint-Controllership


  • Valentina Colcelli


  • Nana Botchorichvili
  • Michèle Finck
  • Diletta De Cicco
  • Cecilia Alvarez
  • Karolina Mojzesowicz

Organisation: Facebook

Room: Grand Hall Online

Timing: 11:45 - 13:00 on 28 January 2021

With their guidelines on the concepts of controller, processor and joint-controllership, and the one on targeting of social media users, the EDPB has shown the desire to provide guidance about the allocation of data protection responsibilities. This gives rise to new complications and questions.

• What new proposals on the construction of joint-controllership are on the table?
• What are the merits and challenges of a joint liability for different actors?
• Which sectors will be impacted?
• How to navigate the challenges of joint-controllership?


Valentina Colcelli

Italian National Research Council (IT)

Valentina Colcelli Ph.D., is Researcher of Researcher of National Research Council (CNR). Her main research interests focus on the interaction of domestic and European law, legal and ethical issues in research and innovation activities, and effective judicial protection of biodiversity in light of fundamental rights. She published books concerning EU integration and more than 80 papers. She is a member of several projects funded by the EU and long-lasting research cooperation international research groups. She is co-chair of W.G.“Regulatory, Ethics, and GDPR” for European, Middle East &African for Biopreservation and Biobanking" and Co-coordinator of W.G. on Ethical, Legal issues related to Biobank and Research activities-Realise.


Nana Botchorichvili

French Data Protection Authority (CNIL)(FR)

Nana Botchorichvili is legal officer at the European and International Affairs Department of the French Data Protection Authority (CNIL). Her activities involve advising on, developing and defending the CNIL’s positions on topics having a European and International dimension in particular by taking part in the work of expert subgroups of the European Data Protection Board. She notably focuses on issues relating to international transfers of data and key provisions of the GDPR. Before joining the CNIL in 2017, Nana was an attorney within Bird & Bird’s International Privacy & Data Protection Group where she spent five years. Nana is a lecturer in data protection law at the University of Paris II Panthéon – Assas as well as at Paris – Descartes University.

Michèle Finck

Max Planck Institute for Innovation and Competition (DE)

Michèle Finck is a Senior Researcher at the Max Planck Institute for Innovation and Competition and a Fellow at University College London. Her research engages with the interaction between law and technological innovation with a particular focus on the GDPR, blockchain, big data (analysis) and platforms. She previously worked at the London School of Economics and the University of Oxford.

Diletta De Cicco

Steptoe (IT/BE)

Diletta De Cicco is a lawyer in the Cybersecurity, Data & Privacy department of Steptoe and Johnson, Brussels. Diletta assists clients to comply with existing EU and national cybersecurity, data, and privacy laws. She provides practical and pragmatic advice to clients faced with increased accountability requirements and she assists them in developing compliance and awareness programs and in dealing with cross-border data breaches, data transfer mechanisms and the negotiation of data processing agreements. Diletta is also an academic assistant at UCLouvain, where she is part of the research group DRAILS (Data, Robotics, Artificial Intelligence, Law and Society). She serves as IAPP KnowledgeNet chapter chair in Brussels.

Cecilia Alvarez

Facebook (ES)

EMEA Privacy Policy Director at Facebook since March 2019. In the previous 4 years, she served as the European DPO in Pfizer and was the acting Legal Director of the Spanish Pfizer subsidiaries. She formerly worked 18 years in a reputed Spanish law firm, leading the data protection, IT and ecommerce areas of practice as well as the LATAM Data Protection Working Group.
Cecilia is in charge of the international affairs of the Spanish Privacy Association (APEP) that she previously chaired, member of CEDPO (Confederation of European Data Protection Organisations), of the Leadership Council of The Sedona Conference (W-6) and of the Spanish Royal Academy of Jurisprudence and Legislation.
She formed of the experts reviewing the 2013 OECD data protection guidelines.

Karolina Mojzesowicz


Karolina Mojzesowicz is the Deputy Head of Unit of the unit responsible for data protection at the European Commission (DG Justice and Consumers). She was one of the Commission's representatives in the interinstitutional negotiations with Parliament and Council on the General data Protection Regulation (GDPR). She is now responsible for its implementation in the EU. Mrs Mojzesowicz previously served as a member of the European Commission's Legal Service, focusing on EU Competition law and International Trade law. In that capacity, she represented the Commission in numerous cases before the European Courts and before the WTO panels and Appellate Body. Mrs Mojzesowicz studied law in Poland, the Netherlands and Germany where she obtained her PhD in 2001.