BigTech giants like Facebook and Amazon could now face more data protection challenges from regulators following a new ruling from the EU Court of Justice.

Under certain conditions, a national supervisory authority may now exercise its power to bring any alleged infringement of the General Data Protection Regulation (GDPR) before a court of a member state, even though that authority is not the lead regulator in regard to that processing.

Previous rules meant that Facebook could only face privacy challenges from its lead regulator in Ireland.

Ireland’s privacy authority has reportedly been criticised for taking too long to deal with several GDPR cases linked to Instagram, Twitter, Google, and Apple.

Up until now GDPR’s ‘one-stop-shop’ rule meant that only one country’s national privacy watchdog could handle cases that involve cross-border data protection complaints. Now the EU court has said that in certain situations a national authority can take a company to court over GDPR violations.

“We are pleased that the CJEU has upheld the value and principles of the one-stop-shop mechanism, and highlighted its importance in ensuring the efficient and consistent application of GDPR across the EU,” said Jack Gilbert, Facebook’s associate general counsel.

Share Story: