Tech giants like Facebook could soon be facing a host of cases after the top EU court ruled on Tuesday.
The court ruled that national watchdogs of any member state can enforce the bloc’s privacy laws, under certain circumstances.
Under EU law, so-called lead authorities primarily bring cases against companies when they consider citizens’ privacy rights to be breached.
But national data protection bodies can under certain circumstances take tech giants to court even if they are not considered the lead authority, the European Court of Justice (ECJ) ruled on Tuesday.
The Belgian privacy commission since 2018 called the Belgian Data Protection Authority to bring a case against Facebook in 2015 for collecting data through internet plug-ins and cookies from people who have an account on the platform and those who do not.
The commission argued that this violates Belgian law.
However, Facebook contended that the Belgian data watchdog did not have a case, referring to the EU privacy rules that only a so-called lead authority can sue.
In this instance, this would be the Irish data protection authority, as the company’s EU headquarters are in Ireland and its data are being processed there.
But the ECJ found that data protection authorities from other countries do have the right to sue, “provided that the object of the legal proceedings is a processing of data carried out in the context of the activities of that establishment,’’ the court said in a statement.
dpa