When you interact with NBCUniversal content through Facebook features, both NBCUniversal and Facebook Ireland are jointly responsible for handling your data under GDPR, and they have a contract between them determining who is responsible for what.
This analysis describes what Peacock's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Joint controller status under GDPR means both companies share legal responsibility for compliance with data subject rights, and users should be aware they may need to direct certain requests to both entities rather than just one.
If you are an EU or UK user and interact with Facebook features on an NBCUniversal service, both NBCUniversal and Facebook Ireland are jointly responsible for your data under GDPR, and your data subject rights may need to be exercised against either or both entities.
How other platforms handle this
If you are in the 'Designated Countries', LinkedIn Ireland Unlimited Company ('LinkedIn Ireland') will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services. If you are outside of the Designated Countries, LinkedIn Corporation will ...
Checkout.com acts as a data controller in respect of personal data that we collect about merchants and their representatives, and as a data processor when we process personal data on behalf of our merchant clients in connection with the payment services we provide to them.
Mistral AI is authorized to process the Personal Data as Controller for the purposes of: Automated moderation, including abuse monitoring on our APIs (except, in this last case, when zero data retention has been activated), to enforce the Agreement.
Monitoring
Peacock has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Please be aware that certain social media platforms, such as Facebook Ireland, are Joint Controllers (see e.g., Facebook's Terms here). Further information (including about the lawful basis relied upon by Facebook Ireland and how you may exercise your data subject rights) can be found in Facebook Ireland's Data Policy here. We have contracted with Facebook Ireland to determine our respective responsibilities for compliance with GDPR with regard to the Joint Processing.— Excerpt from Peacock's Peacock Privacy Policy
REGULATORY LANDSCAPE: Joint controller arrangements are governed by GDPR Article 26, which requires a transparent arrangement between the controllers and that the essence of that arrangement be made available to data subjects. The disclosure in this policy that a contract exists is a minimum requirement, but GDPR Article 26(2) requires that the arrangement's essence be made available to data subjects, not merely referenced. Enforcement by EU data protection authorities, including the Irish Data Protection Commission, is the primary regulatory channel for Facebook Ireland joint controller matters. GOVERNANCE EXPOSURE: Medium. The policy discloses the joint controller relationship and refers users to Facebook Ireland's Data Policy, which partially satisfies Article 26 transparency requirements. However, the policy does not summarize the essence of the joint controller arrangement, which GDPR Article 26(2) requires be made available to data subjects. This gap could be a basis for regulatory inquiry. JURISDICTION FLAGS: This provision applies specifically to EU and EEA users under GDPR and to UK users under UK GDPR. Users outside these jurisdictions are not protected by the joint controller framework. The Irish Data Protection Commission is the lead supervisory authority for Facebook Ireland matters. CONTRACT AND VENDOR IMPLICATIONS: The joint controller agreement with Facebook Ireland should be reviewed to confirm that responsibilities for handling data subject rights requests, breach notifications, and retention schedules are clearly allocated and consistent with GDPR requirements. The agreement should address which party serves as the primary contact for data subjects. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the joint controller arrangement with Facebook Ireland meets GDPR Article 26 requirements, including that the essence of the arrangement is accessible to data subjects. A review of the data flows triggered by social media like buttons and sharing plug-ins on NBCUniversal properties should confirm that the lawful basis for each processing activity is documented.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Joint controller status under GDPR means both companies share legal responsibility for compliance with data subject rights, and users should be aware they may need to direct certain requests to both entities rather than just one.
If you are an EU or UK user and interact with Facebook features on an NBCUniversal service, both NBCUniversal and Facebook Ireland are jointly responsible for your data under GDPR, and your data subject rights may need to be exercised against either or both entities.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Peacock.