This thesis considers the plausibility and effect of joint controllership under the European Data Protection Framework for website operators when placing third-party tracking cookies. Traditionally, these cookies have only given rise to a controller-processor relationship between the website operator and third-parties. The recent rulings of the CJEU has broadened the definition of joint controllership, making it questionable whether website operators are always confined to the roles of processors or controllers when placing third-party tracking cookies. If joint controllership is likely, this will affect what information obligations and liabilities rests with the parties and what can be lawfully divided between them. By analyzing the defining criteria for controllership and assessing the obligations and liabilities arising from the legal framework, the author seeks to illuminate when third-party tracking cookies invoke joint control and what practical impact this has.