The Limited Times

Now you can see non-English news...

Personal data: the EU specifies the competences of the member countries


The European Court of Justice has just clarified the “one-stop-shop” system of the GDPR, in the context of a dispute with Facebook.

Any EU country can, under certain conditions, sue a web company for violating personal data legislation, and not just the state where it has its main HQ, the European justice said, entering a dispute with Facebook.

Read also: GDPR: the Irish "weak link" heightens tension among regulators

The Court of Justice of the EU (CJEU), established in Luxembourg, was questioned by the Brussels Court of Appeal, in the context of an action brought in 2015 against the American giant by the boss of the Belgian authority of Data protection. In particular, it was invited to clarify the question of the application of the so-called “one-


” mechanism

provided for by the General Data Protection Regulation (GDPR), which entered into force in May 2018. Under this mechanism, these are the Irish courts, those of the country in which Facebook has established its European headquarters, which must be seized of an alleged violation of the GDPR by this multinational. TheIrish Data Protection Authority has been appointed as the 'lead


' for bringing legal actions.

Details for national authorities

In its judgment, the CJEU specifies the conditions for the exercise of national authorities, such as the CNIL in France, and judges that “

under certain conditions

” they can take legal action in their State concerning cross-border data processing.

The Court of Justice considers in particular that when a national supervisory authority, which is not "


", brought a legal action before the entry into force of the GDPR, "

this action can be maintained, under Union law


Read also: Data leak: the Irish CNIL opens an investigation against Facebook

This is precisely the Belgian case.

In September 2015, the president of the Belgian privacy control authority (the CPVP, which has since become the Data Protection Authority) brought proceedings before the Brussels court.

The goal ?

That Facebook stop collecting and using information about their online behavior without the knowledge of Internet users, via “



among other things

, these microfiles retaining the habits of Internet users.

In February 2018, this court ordered Facebook to stop tracking Internet users in Belgium without their consent, under penalty of a fine of 250,000 euros per day.

The multinational appealed and it was during the appeal process that the Luxembourg Court was questioned.


A positive development


Its judgment constitutes "

a positive development

" in the fight for better data protection, welcomes the European Bureau of Consumers' Unions (BEUC). For this federation of associations from 32 countries in Europe, the GDPR one-stop shop has "


". “

Most of the tech giants, nicknamed the


Big Tech


are based in Ireland, and it shouldn't be the sole authority of this country to protect 500 million consumers in the EU,

” he said. it belongs. Facebook, for its part, was delighted that the CJEU "

confirmed the value and the principles of the

" one-stop-shop "



and underlined its importance, in order to apply the GDPR effectively and consistently across the EU,

”said Jack Gilbert, associate lawyer for the social network.

But the lobby of tech giants, the ICC, expressed concerns, saying the judgment had "

opened a back door

" and that it risked making data protection compliance in the EU "

more inconsistent. , fragmented and uncertain


Source: lefigaro

All news articles on 2021-06-18

You may like

Trends 24h

News/Politics 2021-08-03T15:18:55.838Z
News/Politics 2021-08-02T17:48:12.940Z


© Communities 2019 - Privacy