When you interact with NBCUniversal content through Facebook features, both NBCUniversal and Facebook Ireland are jointly responsible for handling your data under GDPR, and they have a contract between them determining who is responsible for what.
This analysis describes what Peacock's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Joint controller status under GDPR means both companies share legal responsibility for compliance with data subject rights, and users should be aware they may need to direct certain requests to both entities rather than just one.
If you are an EU or UK user and interact with Facebook features on an NBCUniversal service, both NBCUniversal and Facebook Ireland are jointly responsible for your data under GDPR, and your data subject rights may need to be exercised against either or both entities.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Peacock has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Please be aware that certain social media platforms, such as Facebook Ireland, are Joint Controllers (see e.g., Facebook's Terms here). Further information (including about the lawful basis relied upon by Facebook Ireland and how you may exercise your data subject rights) can be found in Facebook Ireland's Data Policy here. We have contracted with Facebook Ireland to determine our respective responsibilities for compliance with GDPR with regard to the Joint Processing.— Excerpt from Peacock's Peacock Privacy Policy
REGULATORY LANDSCAPE: Joint controller arrangements are governed by GDPR Article 26, which requires a transparent arrangement between the controllers and that the essence of that arrangement be made available to data subjects. The disclosure in this policy that a contract exists is a minimum requirement, but GDPR Article 26(2) requires that the arrangement's essence be made available to data subjects, not merely referenced. Enforcement by EU data protection authorities, including the Irish Data Protection Commission, is the primary regulatory channel for Facebook Ireland joint controller matters. GOVERNANCE EXPOSURE: Medium. The policy discloses the joint controller relationship and refers users to Facebook Ireland's Data Policy, which partially satisfies Article 26 transparency requirements. However, the policy does not summarize the essence of the joint controller arrangement, which GDPR Article 26(2) requires be made available to data subjects. This gap could be a basis for regulatory inquiry. JURISDICTION FLAGS: This provision applies specifically to EU and EEA users under GDPR and to UK users under UK GDPR. Users outside these jurisdictions are not protected by the joint controller framework. The Irish Data Protection Commission is the lead supervisory authority for Facebook Ireland matters. CONTRACT AND VENDOR IMPLICATIONS: The joint controller agreement with Facebook Ireland should be reviewed to confirm that responsibilities for handling data subject rights requests, breach notifications, and retention schedules are clearly allocated and consistent with GDPR requirements. The agreement should address which party serves as the primary contact for data subjects. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the joint controller arrangement with Facebook Ireland meets GDPR Article 26 requirements, including that the essence of the arrangement is accessible to data subjects. A review of the data flows triggered by social media like buttons and sharing plug-ins on NBCUniversal properties should confirm that the lawful basis for each processing activity is documented.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Joint controller status under GDPR means both companies share legal responsibility for compliance with data subject rights, and users should be aware they may need to direct certain requests to both entities rather than just one.
If you are an EU or UK user and interact with Facebook features on an NBCUniversal service, both NBCUniversal and Facebook Ireland are jointly responsible for your data under GDPR, and your data subject rights may need to be exercised against either or both entities.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Peacock.