All EU states can take data protection cases against Facebook, says EU court

by Joseph K. Clark

Data protection regulators in any European country can bring privacy complaints against Facebook, even though it is regulated in Ireland, according to an opinion by the European Court of Justice.

Advocate General Michal Bobek found that under Europe’s General Data Protection Regulation (GDPR), any of the EU’s 27 states can bring privacy actions against the social media company.

The non-binding opinion, if it is adopted by the Court of Justice of the European Union (CJEU), could increase the number of enforcement actions taken against Facebook and other companies that process personal data.

The court said in a statement that “the data protection authority in the state where a data controller or processor has its main EU establishment has a general competence to start court proceedings for GDPR infringements about cross-border data processing”.

“The other national data protection authorities concerned are nevertheless entitled to commence such proceedings in their respective member state in situations where the GDPR specifically allows them to do so,” the court said.

Bobek issued the opinion following an attempt by the Belgian data protection regulator to bring enforcement proceedings against Facebook in Belgium.

The Belgian regulator sought to prevent Facebook from using cookies, plug-ins, and pixels to track Belgian citizens across the internet and restrict the “excessive” collection of their personal data.

Facebook Belgium argued that since GDPR came into force, the Belgian data protection regulator no longer had the jurisdiction to take enforcement action against it.

The social media company claimed that its main center of operations in Europe is in Dublin and that only the Irish Data Protection Commissioner (DPC) had the right to bring proceedings against Facebook over its cross-border data processing.
