LONDON – Facebook and other US technology giants could face a number of new cases in Europe regarding data confidentiality, after a high court said that every regulatory body in the region should be able to initiate new proceedings.
The EU has implemented its General Data Protection Regulation in 2018, which gives citizens a greater say in how their data is used. In this context, any privacy complaints against Facebook, for example, will be sent to the Data Protection Commissioner in Ireland, given that the company̵
However, the Advocate General of the European Court of Justice said on Wednesday that privacy complaints do not have to go to the internal regulatory body – opening the door to more investigations into data concerns in various EU countries.
“Do not be fooled that the impact of this opinion, if confirmed by the court, is far away, as it will give equal rights to each of the 27 data protection commissioners across Europe to take action to break the rules,” Sillian Kieran, CEO of Ethyca, told CNBC by email.
“The consequences are significant, given that there are certainly countries in Europe with a much more active stance on the strict implementation of the GDPR,” Kieran said, adding that “this is likely to lead to more investigations.” for business in different markets. “
The statement, released on Wednesday, came after a Belgian court ruled in 2015 that Facebook had violated privacy rules to monitor the browsing history of Internet users, whether or not they were registered on the platform.
Facebook claims that only the courts in Ireland can rule on the company’s practices, given the location of its headquarters. The Belgian data protection authority then asked the Court of Justice to clarify the legal situation.
“The GDPR allows a data protection authority of a Member State to bring an action before a court of that State for an alleged breach of the GDPR with regard to cross-border data processing, although it is not the lead data protection authority initiate such proceedings, “the CEO’s attorney general said on Wednesday.
The lawyer’s opinion is not binding, but is taken into account by the judges of the Court of Justice, who must rule on the case at a later stage.
“We are pleased that the Advocate General has reaffirmed the value and principles of the one-stop shop mechanism that has been put in place to ensure the effective and consistent implementation of the GDPR. told CNBC by email on Wednesday.
The one-stop shop refers to cooperation between data protection authorities in the event of cross-border processing.
Concerns about data protection have grown in recent years as a result of various scandals. This includes the Cambridge Analytica-Facebook saga, which appeared in 2018, where user data was used to try to influence the election result.