After the EU Supreme Court supports the national privacy regulator to track down Facebook and other Silicon Valley giants, even if they are not their main regulator, they may face more scrutiny and sanctions in the EU.
The consumer lobby group BEUC welcomed the European Court of Justice (CJEU) ruling on Tuesday, which supports the right of state agencies to take action on the grounds that there are bottlenecks in law enforcement.
Like Google, Twitter, and Apple, Facebook’s European Union headquarters is in Ireland. According to a privacy rule called GDPR, Facebook puts it under the supervision of the Irish data protection regulator, which allows for the company’s global turnover. A fine of up to 4%. violation.
After the Belgian court sought guidance on Facebook’s challenge to the territorial jurisdiction of the Belgian data regulator, CJEU stepped in, the agency tried to prevent it from tracking Belgian users through cookies stored in the company’s social plug-ins, regardless of whether they have an account or not.
“Most large technology companies are based in Ireland, and the protection of the EU’s 500 million consumers should not be determined by the country’s power alone, especially if it does not respond to challenges,” said BEUC Director-General Monique Gones.
Several national regulators in the 27 EU member states have long complained about their Irish counterparts, saying that it takes too long to make a decision on the case. Ireland ignored this, saying it must be extra careful when dealing with powerful and well-funded tech giants.
Ireland’s ongoing cases include Facebook’s Instagram and WhatsApp, as well as Twitter, Apple, Verizon Media, Microsoft’s LinkedIn and US digital advertiser Quantcast.
CJEU stated: “In some cases, national regulatory agencies can exercise the power to submit any suspected violations of GDPR to the courts of member states, even if the agency is not the main regulatory agency.”
The judge stated that these conditions include the regulatory agencies following the cooperation and consistency procedures set out in the GDPR, and that violations occur in relevant EU countries.
Facebook’s Deputy General Counsel Jack Gilbert said: “We are pleased that the European Court of Justice adheres to the values and principles of a one-stop mechanism and emphasizes its importance in ensuring the efficient and consistent application of GDPR throughout the EU.”
The technology lobby group CCIA stated that the ruling may lead to inconsistencies and uncertainty in enforcement and increase costs.
Alex Roure, CCIA’s senior European policy manager, said: “This also opens the back door for all national data protection law enforcement officers to file multiple lawsuits against the company.”
“The EU’s data protection compliance may become more inconsistent, fragmented and uncertain. We urge national authorities to be cautious when launching multiple procedures, which will weaken the certainty of the law and further enhance the EU’s data protection compliance. Complicated,” he said.
The case is C-645/19 Facebook Ireland & Others.
© Thomson Reuters 2021