The top court of the European Union supported the national privacy watchdogsof thebloc to push ahead with more scrutiny and potential sanctions against Facebook and other Silicon Valley giants even when such watchdogs are not the lead regulators.
Citing enforcement bottlenecks, the right of national agencies to act was backed by the EU Court of Justice (CJEU) and the decision was welcomed by the Consumer lobbying group BEUC.
“Most Big Tech companies are based in Ireland, and it should not be up to that country’s authority alone to protect 500 million consumers in the EU,” BEUC Director General Monique Goyens said after the judgement.
Facebook as well as Google, Twitter and Apple are under the purview of the Irish data protection regulator because the European headquarters of the companies are based in the country and the Irish regulator will be able to impose the provision of the GDPR which gives powers to regulators to charge fines on the companies up to 4 per cent of the global turnover of the companies for breach of data privacy.
Following a Belgian court seeking guidance on a challenge by Facebook of the territorial competence of the Belgian data watchdog, the case was taken up by the CJEU. In that case with Facebook, the Belgian court was trying to prevent the tech giant from tracking users through cookies stored in the company’s social plug-ins irrespective of the users having an account on the social media platform or not.
“The BE DPA (Belgium’s data watchdog) now needs to analyse the judgment in more details to determine whether any of the situations described … apply to the case it has opened against Facebook in 2015,” Hielke Hijmans, Chairman of the Belgian Data Protection Authority’s Litigation Chamber, said.
Complaints about the Irish data privacy protection watchdog have been expressed since long by a number of other national watchdogs in the 27-member EU as they criticised their Irish counterpart of taking too long to decide on cases under its purview. The criticisms have however been dismissed by Ireland and argued that it has been extra meticulous in such cases as it was dealing with powerful and well-funded tech giants.
There are a number of cases with the Irish watchdog that still remain undecided and include those related to Facebook-owned Instagram and WhatsApp as well as Twitter, Apple, Verizon Media, Microsoft-owned LinkedIn and United States based digital advertiser Quantcast.
“Under certain conditions, a national supervisory authority may exercise its power to bring any alleged infringement of the GDPR before a court of a member state, even though that authority is not the lead supervisory authority,” the CJEU said.
National regulators of make leadership less necessary which includes making are included in these conditions and that the violations occurred in the relevant EU country, judges said.
“We are pleased that the CJEU has upheld the value and principles of the one-stop-shop mechanism, and highlighted its importance in ensuring the efficient and consistent application of GDPR across the EU,” Jack Gilbert, Facebook’s associate general counsel, said.
(Adapted from Reuters.com)