EU Court Opens Up Floodgates for GDPR

Facebook, Google, and other tech companies could face a vast wave of new data privacy cases in Europe

EU Court Opens Up Floodgates for GDPR

The EU implemented GDPR in 2018, which allows consumers greater say over how their data is handled and used. Initially, any privacy complaints against tech firms like Facebook, for example, would be sent to Ireland’s Data ProtectionCommissioner, as the company’s European headquarters are in Ireland.

On Wednesday, however, the European Court of Justice ruled that privacy complaints do not have to be taken to the domestic regulator. The ruling comes as no surprise given that Ireland's Data Protection Commissioner is notoriously underfunded and slow-moving. This will open a door for more investigations into privacy concerns throughout Europe.

The recent opinion comes after a 2015 ruling from a Belgian court stating that Facebook breached privacy rules for monitoring internet users’ browsing history regardless of whether they had signed up for Facebook or not. Facebook’s position was that only courts in Ireland could rule on the company’s privacy practices given the location of its headquarters in Dublin. The Belgian Data Protection Authority in return asked the ECJ to give clarity on the legal jurisdiction and the situation in question.

“The GDPR permits the data protection authority of a Member State to bring proceedings before a court of that State for an alleged infringement of the GDPR with respect to cross-border data processing, despite it not being the lead data protection authority entrusted with a general power to commence such proceedings,” the ECJ’s Advocate General stated after the ruling was announced on Wednesday.

The Advocate General’s opinion is not necessarily completely binding though. It is, however, taken into consideration by ECJ judges in future rulings. Concerns over data protection have grown in recent years in the wake of different scandals. This includes the Cambridge Analytica-Facebook saga that emerged in2018, where users’ data was being used to try to influence the outcome of elections.

“We are pleased that the Advocate General has reaffirmed the value and principles of the one-stop-shop mechanism, which was introduced to ensure the efficient and consistent application of GDPR. We await the Court’s final verdict,” said Jack Gilbert, associate general counsel at Facebook, while speaking with reporters recently.



More News Stories

November 30, 2022
Data Governance and Why it Matters

It is Sir Francis Bacon that is often attributed to the phrase “knowledge is power” first stated in his work Meditationes Sacrae back in 1597. These words have lived on and proved to be true in many walks of life including that of the modern business environment

Read story
October 20, 2022
Building a Duty of Responsibility

Quite often in the realm of compliance, the discussion is focused primarily on the organization

Read story
October 12, 2022
Building an Effective Risk Framework: The Three Lines of Defense

Advancing technology, increasing regulation, and shifts in societal norms pave the way for new or unforeseen risks to appear at any minute

Read story