![]() What might those “certain conditions” entail?įor one thing, the court said, the GDPR’s one-stop shop mechanism requires the lead authority to talk and cooperate with other EU watchdogs that are involved in a case. The GDPR “authorizes, under certain conditions, a supervisory authority of a Member State to exercise its power to bring any alleged infringement of the GDPR before a court of that State and to initiate or engage in legal proceedings in relation to an instance of cross-border data processing, although that authority is not the lead supervisory authority with regard to that processing,” the court said. ![]() However, according to the CJEU on Tuesday, the Irish regulator’s special status under the GDPR’s so-called one-stop shop mechanism does not mean other regulators’ hands are always tied. That’s because (as with Google, Microsoft and many others) Facebook’s EU headquarters are in Ireland, making the Irish watchdog the “lead supervisory authority” when it comes to cases that involve multiple EU countries, as Facebook’s activities generally do. Instead, Facebook claimed, only the Irish Data Protection Commission can enforce EU privacy law against it. Although the case spans both the pre-GDPR and GDPR eras-the tough EU rulebook only came into effect in May 2018-Facebook has consistently argued that it is not answerable to the Belgian authority. ![]() ![]() The judgment augurs the end of a six-year argument between Facebook and the Belgian privacy authority, which in 2015 ordered Facebook to stop using cookies and hidden tracking tools to follow Belgians (even those without Facebook accounts) around the web. On Tuesday, the Court of Justice of the European Union (CJEU) ruled that privacy watchdogs in any EU country can enforce the General Data Protection Regulation (GDPR) against a company, under certain circumstances.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |