Any EU country can take legal action against companies such as Facebook on cross-border violations of data privacy rules, not just the company’s main responsible regulator, a senior court adviser said Wednesday.
Advice from European Court of Justice Advocate General Michal Bobek also paves the way for new data privacy cases across the EU, experts said.
The opinion, which is often followed by the court, anticipates a formal decision by the judges of the European Court of Justice expected by the end of the year.
Facebook argues that the Belgian watchdog, which initiated the case in 2015, no longer has jurisdiction after the EU’s strict General Data Protection Regulation went into effect in 2018. The company says that under the GDPR, only a national data protection authority has the power to handle legal cases involving cross-border data complaints – a system known as a “one-stop shop”. In Facebook This is the case of the Data Protection Commission in Ireland, where the company’s European headquarters are based.
“The lead data protection authority cannot be regarded as the sole guarantor of the GDPR in cross-border situations and must, in compliance with the relevant rules and the time limits set by the GDPR, work closely with the other protection authorities of the data concerned, “the opinion said.
Facebook he said he was “satisfied that the Advocate General has reaffirmed the value and principles of the one-stop shop mechanism, introduced to ensure the efficient and consistent application of the GDPR. We await the final verdict of the court. ”Privacy advocates and experts said the council could change the way data privacy cases are handled by removing the pressure from a single watchdog.
Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, said Bobek is reporting that the Irish privacy regulator “can no longer use its lead authority status for Google,” Facebook, etc. to prevent the application of the GDPR across the EU. “The Irish watchdog has been criticized for failing to deal quickly enough with a growing pile of cross-border data privacy cases involving large tech companies since the GDPR went into effect. He has issued his first such sentence to Twitter last month, fining her for breaching security, but there are still about two dozen missing.
Businesses could also face a greater compliance burden by responding to more privacy cases in more EU markets, because it would be easier for people to file complaints with their local privacy watchdog, said Cillian Kieran, CEO of startup Ethyca. for privacy compliance.
(This story has not been edited by Devdiscourse staff and is automatically generated from a syndicated feed.)
- The opinion of the EU court leaves Facebook more exposed on privacy