The European Court of Justice (CJEU) has endorsed the power of national privacy watchdogs to pursue cases against tech giants even if they are not their lead regulators.
Europe’s top court ruled that national authorities, in cases where cross-border data processing is involved, can bring a company to court in their jurisdiction under privacy rules known as General Data Protection Regulation (GDPR).
The CJEU got involved as an arbiter after a Belgian court sought guidance regarding Facebook’s challenge to the territorial competence of the Belgian data watchdog.
Belgium’s regulator tried to stop Facebook from tracking user’s in Belgium through cookies, regardless of whether they have an account or not, without their informed consent.
Facebook has argued that the Belgian watchdog does not have the jurisdiction to handle the case involving cross-border complaints under the EU’s strict GDPR.
Facebook’s European headquarters are operating in Dublin. The company said that only the Irish Data Protection Commission has the jurisdiction to handle the case.
“Most Big Tech companies are based in Ireland, and it should not be up to that country’s authority alone to protect 500 million consumers in the EU, especially if it does not rise to the challenge,” said Monique Goyens, director-general of the European Consumer Organisation (BEUC).
National watchdogs in the 27-member European Union have long complained of this so-called “one-stop-shop” mechanism in Ireland allowing a backlog of data privacy cases involving big tech companies.
© Fourth Estate
® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.