In a ruling on Teusday, the Court of Justice of the European Union (CJEU) gave the green light to national data protection regulators to sue big tech companies like Facebook, Google and Twitter over privacy concerns. The EU court’s ruling grants autonomy to all data protection regulators across the bloc to protect the privacy of internet users and hold these companies accountable for tracking and using user information.
Euronews reported that the judgement further expands the EU’s privacy laws, also known as the General Data Protection Regulation (GDPR). While hailing the decision, the European Consumer Organisation said the judgment would help protect citizens’ private data. However, tech lobbying groups stated that “the ruling risked making data protection compliance in the EU more inconsistent, fragmented and uncertain.”
A press release by the Court mentioned that an injunction against Facebook Ireland, Facebook Inc., and Facebook Belgium was first filed at the Court of First Instance in Brussels by the President of the Belgian Privacy Commission on September 11, 2015 for violating the privacy of Belgian internet users.
In February 2018, the Court ruled that the consent given by users for the collection of data remains invalid since Facebook failed to adequately inform the users of data collection and its usage. Facebook Ireland, Facebook Inc., and Facebook Belgium appealed at the Court of Appeals in Brussels against the judgement. The Court of Appeals ruled that the authority to deliver a verdict on data privacy concerning Facebook Belgium solely lies with the CJEU, as the Facebook headquarters is in Ireland, meaning that it falls outside the jurisdiction of the Belgian court. Under GDPR’s ‘one-stop shop’ mechanism, only the lead data protection authority of the EU has the power to file injunctions against “cross-border data complaints” and the EU’s lead data commission is in Dublin, Ireland.
The GDPR included the ‘one-stop shop’ mechanism to simplify business operations across the bloc. However, this move met with severe criticism, as it created a backlog of data protection cases and delayed the processing of GDPR complaints.
Tuesday’s ruling gives regional Data Protection Authorities (DPA) more autonomy to pursue cases against the tech giants under certain circumstances. Tech Crunch reported that the order would open up the “possibility of litigation by watchdogs in the Member States which aren’t the lead regulator for a particular company but where the local agency believes there is an urgent need to act.” This ruling could fast track the processing of complaints and ensure faster implementation of the judgements. The court stated: “To successfully prosecute an alleged violation, a lower court must determine that Belgian data authorities appropriately followed all other procedures laid out in GDPR and that the enforcement occurred under one of the exceptions that permits another EU country to intervene.”
A research fellow at the University of Oslo told Tech Crunch: “The court has essentially confirmed the views that the advocate general had expressed in his opinion. Under the GDPR’ one-stop-shop system, those data protection authorities that are not the ‘lead authority’ may start enforcement actions against big tech companies only in minimal circumstances, including in case of urgency.” He added that the ruling has failed to elaborate on the criteria to allow DPAs’ to pursue action against tech companies. In a statement, Jack Gilbert, an associate general counsel at Facebook, said, “We are pleased that the CJEU has upheld the value and principles of the one-stop-shop mechanism and highlighted its importance in ensuring the efficient and consistent application of GDPR across the EU.”
The implications of the regulations remain unknown at this stage because the court has not elaborated on the “certain conditions” that would allow DPAs to act independently and file cases.
EU Court Allows Data Protection Authorities to Sue Big Tech Companies
The European Union Court of Justice allows national Data Protection Authorities to sue big tech companies like Apple, Facebook, Twitter over privacy concerns
June 16, 2021
SOURCE: THE NEW YORK TIMES