Dr. Data Protection, I dare again: Example #6 (“Headhunters”) in the WP169 link mentioned above postulates – for me too little explainer – a joint control between the customer and the headhunter, apparently because the headhunter can “improve the match” by accessing his own contact database. Could it not also be argued for the ratio B to A in such a way that B, if the file of B does not contain the number of people desired by A with the criteria of A, B could expand its own file by means of a free search (cold call) in order to find the number of participants desired by A? And does the relationship between A and B change if B has to interview the participants identified immediately after a questionnaire specified by A and send the recorded interview only to A and not the participants` contact details? Thank you very much. Thank you very much! After reading Article 29 OF THE WORKING PARTY ON DATA PROTECTION, WP169 ([UPDATED LINK]: ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2010/wp169_en.pdf), I had considered whether there was a common responsibility by arguing that A specifies the purposes, but B accepts them and therefore prescribes them indirectly (without B, the processing does not occur because B has the contact details), and A provides the means (including the TOM), but B may insist that A use certain TOM to protect the contact information that belongs to B. However, if there is only one controller-controller or third party or issuer relationship, then there must only be a commercial contract between A and B that approximately ensures security and compliance with the law, and market research participants must consent to the transfer of their data from B and A for the purposes set out in the contract, and A and B must independently protect their personal data as controllers in accordance with the GDPR, right? (Thanks again.) One of these possibilities is joint control. This is a constellation created in Article 26 of the GDPR that allows multiple companies to share and share their customer data or other personal data. At the same time, the Joint Responsibility Institute offers customers clarity as to which contact person they can turn to for data protection issues. The existence of shared responsibility depends on the existence of a shared responsibility between the parties to jointly determine the purposes (and means) of data processing. .