BRUSSELS (Reuters) – Facebook’s run-ins with EU privacy regulators may escalate as Europe’s top court next week weighs arguments from the Belgian data protection watchdog that it should have the power to go after the U.S. social media giant for breaches in Belgium.
If the Luxembourg-based Court of Justice of the European Union (CJEU) backs the Belgian authority (DPA), it could embolden national agencies in the 27-country bloc to take action against companies such as Alphabet’s Google, Twitter and Apple.
Under landmark EU privacy rules known as the General Data Protection Regulation (GDPR) and its one-stop-shop mechanism, the Irish privacy authority is the lead authority for Facebook as the company’s European head office is based in Ireland.
Google, Twitter and Apple also have their European headquarters in Ireland. GDPR however allows some leeway for other national privacy regulators to rule on violations limited to a specific country, which France and Germany have done.
The case before the CJEU on Oct. 5 came after a Belgian court sought guidance on Facebook’s challenge against the territorial competence of the Belgian regulator’s bid to stop the company from tracking users in Belgium through cookies stored in Facebook’s social plug-ins, regardless of whether they have an account or not.
Facebook said there are merits to EU’s rules in designating a lead supervisory authority for cross-border privacy issues.
“All businesses that operate across the EU who are subject to GDPR can benefit from this one-stop-shop mechanism; it allows companies of all sizes to understand their legal responsibilities and respond quickly to regulators,” Jack Gilbert, Facebook associate general counsel, said in an email.
The Belgian data authority said the