LONDON – Facebook and other US technology giants could face a number of new cases of data privacy in Europe, after a top court said any regulator in the region should be able to initiate new proceedings.
The EU has implemented its General Data Protection Regulation in 2018, which gives citizens a bigger say in how their data is used. In this context, any privacy complaint against Facebook, for example, would have been sent to the Irish Commissioner for Data Protection, given that the company’s European headquarters are in Dublin.
However, the Advocate General of the European Court of Justice said on Wednesday that confidentiality complaints do not necessarily have to be sent to the internal regulator – thus opening the door for more investigations into data issues in various EU countries.
“Don’t get me wrong the impact of this opinion if confirmed by the court is far-reaching, as it would give equal access to any of the 27 data protection commissioners across Europe to take action to break the rules,” said Cillian Kieran, CEO Ethyca’s privacy statement, CNBC said in an email.
“The consequences are significant, given that there are certainly countries in Europe with a much more proactive stance on the strong application of the GDPR,” Kieran added, adding that “this is likely to lead to more investigations for undertakings in the markets “.
The opinion issued on Wednesday comes after a Belgian court ruled in 2015 that Facebook violated the privacy rules for monitoring the browsing history of Internet users, regardless of whether or not they were registered on the platform.
Facebook has argued that only Irish courts could decide on the company’s practices, given the location of its headquarters. The Belgian Data Protection Authority then asked the ECJ to clarify the legal situation.
‘The GDPR allows the data protection authority of a Member State to bring an action before a court of that Member State for an alleged infringement of the GDPR with regard to cross-border data processing, although it is not the main data protection authority the power to initiate such proceedings, “the ECJ attorney general said on Wednesday.
The lawyer’s opinion is not binding, but is taken into account by the ECJ judges, who are to rule on the case at a later stage.
“We are pleased that the Advocate General has reaffirmed the value and principles of the one-stop shop mechanism, which was introduced to ensure the effective and consistent application of the GDPR. We await the Court’s final verdict,” Jack Gilbert, associate attorney general at Facebook, told CNBC on Wednesday. e-mail.
The one-stop shop mechanism refers to the cooperation between data protection authorities in the case of cross-border processing.
Data protection concerns have increased in recent years as a result of various scandals. This includes the Cambridge Analytica-Facebook saga that appeared in 2018, where user data was used to try to influence the election result.