LUXEMBOURG (CN) — Ireland, where Facebook has its European headquarters, doesn’t have a monopoly on bringing allegations of privacy violations against the social media giant, the EU’s top court held on Tuesday
The Court of Justice of the European Union found that, in some cases, national data watchdogs can initiate proceedings against tech companies, despite the one-stop-shop policy of the EU's General Data Protection Regulation, or GDPR, which puts the country where the company is headquartered at the helm.
“A supervisory authority of a member state which...has the power to bring any alleged infringement of that regulation to the attention of a court of that member state and, where necessary, to initiate or engage in legal proceedings, may exercise that power in relation to an instance of cross‑border data processing even though it is not the ‘lead supervisory authority’,” the Luxembourg-based court wrote.
The GDPR has been understood to mean the lead on complaints against companies like Facebook must be taken by the Irish Data Protection Commission because the company has its European headquarters in Ireland. The 2016 law governs data protection and privacy in the EU and requires companies to disclose what data they collect, how they use that data and to delete data within a timely fashion.
The case was referred to the European Court of Justice by the Court of Appeals of Brussels after the Belgian privacy watchdog, the Data Protection Agency, sued Facebook over the company’s use of trackers to follow nonusers online.
Belgium told the court in an October 2020 hearing that it had attempted to work with Ireland, but Dublin was unwilling to move forward with a complaint. The European Commission, the EU’s executive body, opposes letting Belgium sue Facebook, claiming it would lead to a flood of complaints against companies through the 27 member states of the political and economic union.
Earlier this year, a court magistrate found that the GDPR allows any country to bring complaints, regardless of where the company is headquartered. The court adopted that finding in Tuesday's ruling.
But the decision won’t mean open season on tech giants with dodgy privacy policies. The court held that any national data watchdog that wishes to bring a cross-border complaint must engage in “sincere and effective cooperation” with its counterpart, in this case Ireland, including immediately notifying the other country of its plan to bring a complaint and giving it three weeks to decide whether to take the lead.
"We are pleased that the Court of Justice has upheld the value and principles of the one-stop-shop mechanism, and highlighted its importance in ensuring the efficient and consistent application of GDPR across the EU," Facebook's associate general counsel Jack Gilbert said in a statement.
The case now returns to the Belgian court to determine if the Data Protection Agency can move forward with its complaint.
Ireland’s so-called Silicon Docks, the nickname for the area in Dublin around Grand Canal Dock with a concentration of tech companies, is home to the European headquarters of Google, Facebook, LinkedIn and Twitter. The country has attracted multinationals with a low corporate tax rate, just 12.5%. U.S. President Joe Biden has called for a global minimum for corporate tax, getting leaders to agree to a rate of at least 15% at this week’s G-7 summit.
Facebook has been forced to defend itself before the Court of Justice on several occasions in the past few years. The court struck down a data-sharing agreement between the United States and the EU earlier this year, in a case involving Facebook data known as Schrems II. That decision follows a 2015 ruling, known as Schrems I, that invalidated the previous agreement.
In 2019, the court also held that countries could force Facebook to remove content from its platform worldwide, rather than merely within national borders.
Follow @mollyquell
Subscribe to Closing Arguments
Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.
