The adviser to the EU’s highest court has issued a recommendation allowing data protection agencies in any EU country to take legal action against Facebook or any other tech company, even if their regional headquarters is located in another EU state.
The recommendation was issued after Facebook tried to push back the Belgian privacy regulator in a data case by claiming that its European Union headquarters were in Dublin and therefore Ireland was the lead authority in the EU for the US social media giant.
Advocate General Michal Bobek, adviser to the Court of Justice of the European Union, has recommended that the data protection agency of any EU country be able to take legal action in various situations, even if it was not the lead authority.
If the recommendation is followed, it could prompt national agencies in the 27 EU members to take action against other US tech companies, such as Google, Twitter and Apple, which also have their European headquarters in Ireland.
Facebook did not provide an immediate comment.
EU judges often follow the general opinions of lawyers, but this is not mandatory. They usually render a decision within two to four months.
The Belgian regulator sought to prevent Facebook from collecting data on the surfing behavior of Belgian users to show them targeted advertisements without their valid consent. The regulator said this happened even though the user did not have a Facebook account.
Facebook challenged this on the grounds that the Irish privacy watchdog is Facebook’s primary authority.
Bobek said that the lead authority has general competence over cross-border data processing and that the power of other authorities to initiate legal proceedings is limited in cross-border cases on the basis of the listed ‘one-stop-shop’ mechanism. in EU rules.
But he said the lead authority needed to cooperate closely with other data protection authorities, who he said could still bring cases to their courts.
EU privacy rules, known as the General Data Protection Regulation (GDPR), leave leeway for other national privacy regulators to rule on breaches limited to a specific country. France and Germany have already done so.
© Thomson Reuters 2020
What will be the most exciting tech launch of 2021? We discussed it on Orbital, our weekly tech podcast, which you can subscribe to through Apple Podcasts, Google Podcasts, or RSS, download the episode, or just click the play button below.