LONDON – Facebook and other US technology giants could face a spate of new data privacy issues in Europe, after a high court ruled that any regulator in the region should be able to bring about new proceedings.
The EU implemented its General Data Protection Regulation in 2018, giving citizens more say in how their data is used. In this context, for example, any privacy complaints against Facebook would be sent to Ireland’s Commissioner for Data Protection, as the company’s European headquarters are in Dublin.
However, the Advocate General of the European Court of Justice said on Wednesday that privacy complaints do not necessarily have to be taken to the local regulator, thus opening the door for more investigations into data in various EU countries.
“Make no mistake, the impact of this opinion if it is upheld by the court is far-reaching, as it would give one of the 27 Commissioners for Data Protection in Europe an equal right to act for the violation of the rules, “said Cillian Kieran, chief executive of privacy. Ethyca, told CNBC in an email.
“The consequences are significant given that there are certainly countries in Europe with a much more proactive attitude about the strong enforcement of the AVG,” Kieran also said, adding that “this is likely to lead to a greater number of investigations for businesses across the market. will result. “
The opinion issued on Wednesday comes after a Belgian court ruled in 2015 that Facebook was violating privacy rules for monitoring Internet users’ browsing history, regardless of whether they were logged in to the platform or not.
Facebook has argued that only courts in Ireland can rule on the company’s practices given the location of its headquarters. The Belgian data protection authority then asked the EC Court to clarify the legal situation.
“The AVG enables the data protection authority of a Member State to appear before a court of that State for an alleged infringement of the AVG with regard to the processing of cross-border data, although it is not the leading data protection authority which a general force to initiate such proceedings, ”the ECJ’s Advocate General said on Wednesday.
The lawyer’s opinion is not binding, but is taken into account by judges of the ECJ, who must rule later in the case.
“We are delighted that the Advocate General has reaffirmed the value and principles of the one-stop shop mechanism, which has been set up to ensure the efficient and consistent application of the AVG. We are awaiting the final ruling of the court,” Jack said. Gilbert, co-principal attorney, said. on Facebook, told CNBC in an email on Wednesday.
The one-stop mechanism refers to the cooperation between the data protection authorities in the case of cross-border processing.
Concerns about data protection have increased over the past few years following various scandals. These include the Cambridge Analytica Facebook saga that emerged in 2018, where users’ data was used to try to influence the outcome of elections.