The article analyses and evaluates the three landmark decisions by the CJEU on joint controllership in the light of the general criteria establishing controllership (III.1. to III.3.). Based on this analysis and in an effort to bridge the plethora of logical gaps and questions concerning the identification of joint control, the article establishes five key criteria to facilitate a manageable and verifiable assessment of a potential joint control scenario (III.4.).

The recent decision from the Ninth Circuit Court of Appeals in a dispute between LinkedIn and hiQ Labs has spotlighted the thorny legal issues involved in combatting unauthorized webscraping of data from public websites. While some may interpret the LinkedIn decision as greenlighting such activity, this would be a mistake. On close review of the decision, and in light of other decisions that have held unauthorized webscrapers liable, the conduct remains vulnerable to legal challenge in the United States.

The new safety requirements under the Second Payment Services Directive (PSD II) came into effect on 14 September 2019. Their interpretation and the supervisory practice in Germany lead to certain limitations in the scope of their application. German courts dealt with, inter alia, charges for the use of specific payment methods, the allocation of liability in fraud cases, chargebacks under PayPal’s buyer protection scheme, and discriminations against EU residents in the context of payments. The German Financial Services Supervisory Authority (BaFin) takes a comparatively strict approach to regulating crypto assets used for payments.