This document presents a multi-party access control model for managing shared data in online social networks. It proposes that access control policies for shared data should be specified collaboratively by multiple associated users, not just the data owner. An access control policy format is defined that includes the controller, controller type, accessor, data specification, and authorization effect. A prototype application called MController is implemented that allows multiple users to specify access control policies and resolve conflicts for shared photos. An evaluation of MController found that users had a more positive view of its privacy controls compared to Facebook's default controls. Performance testing showed the policy evaluation mechanism scaled well as the number of controllers increased.