Europe's top court ruled on Tuesday that national privacy regulators could pursue investigations into big tech companies, even if they aren't the lead

Top EU court makes it harder for Silicon Valley giants to dodge GDPR privacy suits

submited by
Style Pass
2021-06-15 16:30:03

Europe's top court ruled on Tuesday that national privacy regulators could pursue investigations into big tech companies, even if they aren't the lead regulator for that company -- in specific circumstances.

Until now, regulators have been bound by Europe's one-stop-shop rule, which means only the regulator in the country where the company has its European headquarters may bring GDPR enforcements against those companies. Tuesday's decision doesn't signal an end to the one-stop-shop rule, but it does introduce greater flexibility to become involved in privacy cases when regulators take umbrage with tech companies' handling of cross-border data processing.

At the heart of the ruling by the Court of Justice of the European Union is a long-running attempt by the Belgian privacy regulator to prevent Facebook from using cookies and other tracking tools to follow Belgian citizens around the web. Belgium has been pursuing the case since 2015, predating the introduction of GDPR, Europe's strict privacy regulation, which came into force in 2018. 

Facebook has long argued that it isn't answerable to the Belgian regulator, as it has its headquarters in Ireland. But Tuesday's ruling indicates that the court upholds the right of EU member states to bring GDPR enforcements against companies that fall outside of their one-stop-shop jurisdiction, if specific criteria are met.

Leave a Comment