EU Court Opens Up Floodgates for GDPR
The EU implemented GDPR in 2018, which allows consumers greater say over how their data is handled and used. Initially, any privacy complaints against tech firms like Facebook, for example, would be sent to Ireland’s Data ProtectionCommissioner, as the company’s European headquarters are in Ireland.
On Wednesday, however, the European Court of Justice ruled that privacy complaints do not have to be taken to the domestic regulator. The ruling comes as no surprise given that Ireland's Data Protection Commissioner is notoriously underfunded and slow-moving. This will open a door for more investigations into privacy concerns throughout Europe.
The recent opinion comes after a 2015 ruling from a Belgian court stating that Facebook breached privacy rules for monitoring internet users’ browsing history regardless of whether they had signed up for Facebook or not. Facebook’s position was that only courts in Ireland could rule on the company’s privacy practices given the location of its headquarters in Dublin. The Belgian Data Protection Authority in return asked the ECJ to give clarity on the legal jurisdiction and the situation in question.
“The GDPR permits the data protection authority of a Member State to bring proceedings before a court of that State for an alleged infringement of the GDPR with respect to cross-border data processing, despite it not being the lead data protection authority entrusted with a general power to commence such proceedings,” the ECJ’s Advocate General stated after the ruling was announced on Wednesday.
The Advocate General’s opinion is not necessarily completely binding though. It is, however, taken into consideration by ECJ judges in future rulings. Concerns over data protection have grown in recent years in the wake of different scandals. This includes the Cambridge Analytica-Facebook saga that emerged in2018, where users’ data was being used to try to influence the outcome of elections.
“We are pleased that the Advocate General has reaffirmed the value and principles of the one-stop-shop mechanism, which was introduced to ensure the efficient and consistent application of GDPR. We await the Court’s final verdict,” said Jack Gilbert, associate general counsel at Facebook, while speaking with reporters recently.