LONDON – Facebook and other US tech giants could face a flurry of new cases in Europe regarding data privacy, after a supreme court said any regulator in the region should be able to file new lawsuits.
The European Union implemented its General Data Protection Regulation in 2018, which gives citizens a greater role in how their data is used. In this context, any privacy complaints against Facebook will be forwarded, for example, to the Irish Data Protection Commissioner since the company’s European headquarters are in Dublin.
However, the Attorney General of the European Court of Justice said on Wednesday that privacy complaints do not necessarily have to be brought to the local regulator – thus opening the door for further investigations into data concerns in various EU countries.
“We are not mistaken that the effect of this opinion if upheld by the court is far-reaching because it would give equal right to any of the 27 data protection commissioners across Europe to take action to breach the rules,” Kylian Kieran, Ethyca Privacy CEO, told CNBC by email.
“The consequences are significant given that there are certainly countries within Europe that have a more proactive stance on robust enforcement of the GDPR,” Kiran said, adding that “this is likely to lead to a greater number of investigations for companies across the markets.”
The opinion, issued on Wednesday, comes after a Belgian court ruled in 2015 that Facebook violated privacy rules to monitor internet users’ browsing history whether or not they registered on the platform.
Facebook has argued that only courts in Ireland can judge the company’s practices due to its headquarters location. The Belgian data protection authority then asked the European Court of Justice to clarify the legal situation.
“The General Data Protection Regulation (GDPR) allows a data protection authority in a member state to bring claims in a court in that country for an alleged violation of the General Data Protection Regulation (GDPR) regarding cross-border data processing, although it is not the primary data protection authority entrusted with General The Prosecutor General of the European Court of Justice said on Wednesday “the authority to initiate such procedures.”
The attorney’s opinion is not binding, but is taken into account by the judges of the European Court of Justice, who are scheduled to rule on the case at a later stage.
“We are pleased that the Attorney General has reaffirmed the value and principles of the Single Window Mechanism, which has been introduced to ensure the effective and consistent application of the GDPR. We await the final ruling of the court,” Jack Gilbert, Assistant General Counsel at Facebook, told CNBC via email Wednesday.
Single window mechanism refers to cooperation between data protection authorities in the case of cross-border processing.
Concerns about data protection It has grown in recent years in the wake of various scandals. This includes the 2018 Cambridge Analytica-Facebook saga, in which user data was used to try to influence election results.