Facebook is subject to EU privacy challenges from watchdogs in any of the bloc’s member states, not just its lead regulator in Ireland, the bloc’s top court ruled Tuesday, in a ruling that has implications for other big tech companies.
Under the EU’s stringent privacy rules, known as the General Data Protection Regulation, only one country’s national data protection authority has the power to handle legal cases involving cross-border data complaints in a system known as “one-stop shop.” For Facebook, which has its European headquarters in Dublin, it is Ireland’s Data Protection Commission.
However, the European Union’s Court of Justice ruled that “under certain conditions,” a national watchdog has the power to take a company to court over a GDPR violation even if it’s not the lead regulator.
The ruling is in line with a preliminary opinion from a court adviser and, according to experts, potentially paves the way for a fresh onslaught of privacy cases across the EU’s 27 member nations.
The court’s decision brings to an end a lengthy legal battle between Facebook and Belgium’s data protection authority over jurisdiction for the case, which centered on the social network’s use of cookies to track behavior of internet users, even those who weren’t account holders. The company had argued that the Belgian watchdog no longer had jurisdiction after GDPR took effect in 2018.
Facebook painted it as a victory, noting that under the ruling the Irish regulator would remain in the lead except in limited circumstances.
“We are pleased that the CJEU has upheld the value and principles of the one-stop-shop mechanism, and highlighted its importance in ensuring the efficient and consistent application of GDPR across the EU,” Jack Gilbert, the company’s associate general counsel, said.
Ireland’s privacy watchdog has been criticized for taking too long resolve a growing number of GDPR cases involving tech giants including Apple, Twitter, Google and Instagram but it argues that the cases are complicated.
Related: EU Court Opinion Leaves Facebook More Exposed Over Privacy
Related: Facebook May Have to Stop Moving EU User Data to US
Related: Facebook Spars With EU Regulator Over Dating App Delay

More from Associated Press
- Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
- Biden Picks New NSA Head, Key to Support of Ukraine, Defense of US Elections
- White House Unveils New Efforts to Guide Federal Research of AI
- Meta Fined Record $1.3 Billion and Ordered to Stop Sending European User Data to US
- China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States
Latest News
- Sysdig Introduces CNAPP With Realtime CDR
- Stay Focused on What’s Important
- VMware Plugs Critical Flaws in Network Monitoring Product
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
