LUXEMBOURG (CN) — National authorities are not the only ones who can take companies to court over data privacy violations, an adviser to the EU’s high court said Thursday, finding that consumer watchdog organizations can also bring such cases.
Advocate General Richard de la Tour wrote in his nonbinding opinion for the European Court of Justice that the Federation of German Consumer Organizations, or VZBV, can sue over an alleged privacy breach by Facebook, despite not being a regulatory body.
Should the European Union's top court agree with de la Tour in its final ruling, it would pave the way for groups across the bloc to sue tech companies over infringements of the General Data Protection Regulation, or GDPR, the EU law on data protection and privacy.
The case was referred to the Luxembourg-based court by the German Federal Court of Justice, the Bundesgerichtshof, after the German consumer group sued Facebook, now called Meta, for automatically sharing the personal data of users of online games.
Facebook argued during hearings in October that the VZBV couldn’t bring the complaint because it wasn’t representing an individual who was directly harmed, but the advocate general disagreed.
“The defence of the collective interests of consumers by associations is particularly suited to the objective of establishing a high level of protection of personal data,” de la Tour wrote.
Earlier this year, the court expanded the purview of national authorities to bring lawsuits against tech companies. The GDPR has been understood to mean the lead on complaints against companies like Facebook must be taken by the Irish Data Protection Commission because the company has its European headquarters in Ireland. But in June, the court ruled against Facebook and found that in some cases, any national authority can sue.
The VZBV applauded de la Tour's advisory opinion in a statement.
“Today's recommendations are an important stage win and a strong signal for efficient enforcement of data protection law, including by civil society associations….This is good news for consumers, given the apparent regulatory backlog with the Irish Data Protection Agency,” the consumer group said.
The German group isn't the only one to express frustration with the slow pace that Irish regulators have taken. The EU’s privacy czar Vera Jourova said in a speech last month that she wasn’t satisfied with the implementation of the GDPR.
“We see that some data protection authorities in some member states are understaffed, not equipped with sufficient budget, not supported with sufficient political support from the governments,” she said in her remarks, which were widely understood to be a dig at Ireland.
Ireland’s low corporate tax rate has been attractive for multinational companies. The so-called Silicon Docks, the nickname for the area in Dublin around Grand Canal Dock with a concentration of tech companies, is home to the European headquarters of Google, Facebook, LinkedIn and Twitter.
A spokesperson for Meta said in a statement that the company is analyzing the opinion.
“Legal clarity on scope and process of GDPR is important and we’re glad the Court of Justice of the European Union is considering the questions raised in this case," they said.
A final decision is expected sometime next year.
Follow @mollyquell
Subscribe to Closing Arguments
Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.
Additional Reads
-
Los Angeles assistant prosecutor faces felony charges April 24, 2024 -
Judge blocks Montana double-voting bill April 24, 2024