LONDON – Facebook and other US tech giants may face a glut of new cases in Europe regarding data privacy, with a top court saying that any regulator in the region should be able to bring new proceedings.
The European Union implemented its General Data Protection Regulation in 2018, which calls for more and more information on how citizens use their data. In this context, any privacy complaints against Facebook, for example, will be sent to Ireland’s data protection commissioner, noting that the company has its European headquarters in Dublin.
However, the Advocate General of the European Court of Justice said on Wednesday that privacy complaints need not be taken to a domestic regulator – thus opening the door for more scrutiny over data concerns in various EU countries.
“If this opinion upheld by the court has no effect, it is far-reaching because it would give equal rights to any of Europe’s 27 data security commissioners,” said Privacy CEO Cillian Kiran. The company Atheka told CNBC via email.
“The results are significant given that there is certainly a more proactive stance on stronger enforcement of GDPR in countries in Europe,” said Kiran, adding that this would lead to a large number of scrutiny for businesses in the markets.
The opinion released on Wednesday came after a Belgian court ruled in 2015 that Facebook had violated privacy rules to monitor the browsing history of Internet users, whether they were signed on the platform or not.
Facebook argued that only courts in Ireland could rule the company’s practices, given the location of its headquarters. The Belgian Data Protection Authority then asked the ECJ to clarify the legal status.
“The GDPR allows a member state’s data protection authority to proceed before the court of that state for alleged violations of the GDPR in relation to cross-border data processing, notwithstanding that this main data protection authority is not common. Power to initiate such proceedings, ”the ECJ Advocate General said on Wednesday.
The opinion of the advocate is not binding, but is considered by the judges of the ECJ, who are due to render a decision on the case at a later stage.
“We are pleased that the Advocate General has reaffirmed the value and principles of the one-stop-shop mechanism, which was introduced to ensure efficient and consistent application of GDPR. We await the final verdict of the court , “Gilbert Associate General Council. On Facebook, told CNBC via email on Wednesday.
The one-stop-shop mechanism refers to the collaboration between data protection authorities in the case of cross-border processing.
Concerns about data security have increased in recent years in view of various scams. This includes the Cambridge Analytica-Facebook saga emerging in 2018, where users’ data was being used to try to influence the outcome of the election.