LONDON – Facebook and other US tech giants could face a slew of new privacy-related cases in Europe after a top court ruled that every regulator in the region should be able to bring new proceedings.
In 2018, the EU implemented its general data protection regulation, which gives citizens a greater say in how their data is used. In this context, for example, data protection complaints against Facebook would be sent to the Irish data protection officer, as the company’s European headquarters are in Dublin.
However, the Advocate General of the European Court of Justice said on Wednesday that data protection complaints do not necessarily have to be referred to the national regulator, which opens the door for further investigation into data issues in different EU countries.
“Make no mistake, the implications of this opinion, if upheld by the court, are far-reaching as it would give any of the 27 data protection officers across Europe the same right to take action against a rule violation,” said Cillian Kieran , CEO for privacy protection company Ethyca, told CNBC via email.
“The consequences are significant as there are certainly countries in Europe that are much more proactive about strict GDPR enforcement,” said Kieran, adding, “this is likely to lead to a greater number of investigations for companies in different markets. “
Facebook argued that only courts in Ireland could rule over the company’s practices when the company was headquartered. The Belgian data protection authority then asked the ECJ to clarify the legal situation.
“The GDPR allows the data protection authority of a member state to initiate proceedings before a court of that state for an alleged violation of the GDPR in relation to cross-border data processing, although it is not the lead data protection authority entrusted with a general authority to initiate such proceedings”, said the Advocate General of the ECJ on Wednesday.
The attorney’s opinion is not binding, but will be taken into account by ECJ judges who are to decide on the case at a later date.
“We are pleased that the Advocate General reaffirmed the value and principles of the one-stop-shop mechanism put in place to ensure the efficient and consistent application of the GDPR. We are awaiting the final judgment of the Court,” said Jack Gilbert, associate general counsel on Facebook, told CNBC via email on Wednesday.
The one-stop-shop mechanism relates to the cooperation between data protection authorities in cross-border processing.
Privacy concerns have grown in recent years as a result of various scandals. This includes the Cambridge Analytica Facebook saga which appeared in 2018 and in which user data was used to influence the election result.