these smartphones throw their price, but only for a limited time

They open the door to an increase in privacy lawsuits against European Union-based tech companies

Until now, within the EU only Ireland could initiate legal proceedings against the European branch of Facebook in lawsuits related to privacy, since its main headquarters are located in said territory.

This is because, as established by current community regulations, when a data processing process affects citizens of various member countries, the "main" data authority will be the one where it is headquartered. In this case, and in that of other technologies, the Irish equivalent of the Spanish Agency for Data Protection.

One stop shop, yes, but

However, Michal Bobej, Advocate General for the European Union, may be about to put an end to that: because in a preliminary findings report published yesterday, the door is opened to all national data protection agencies may initiate proceedings against companies established in the Union... it is enough that they have delegations in their national territory.

The Advocate General acknowledges in his report that the 'single window' principle was designed to avoid uncertainties and conflicts between organizations and citizens, but that this does not oblige that only a data protection authority can initiate a procedure, but rather that it must cooperate with the other authorities that take legal action.

Privacy on Facebook does not exist: Zuckerberg knows (almost) everything about its users, even their calls and SMS if they have Android

The latter, it is true, will have to submit said actions to four principles:

  • That they act in a field other than the RGPD.

  • That cross-border data processing is carried out by a public authority or for reasons of public interest.

  • That it is about adopting urgent measures.

  • That the main authority has decided not to deal with a case.

That said, the report of the Advocate General is not binding on the CJEU, but the basis on which it will now develop its deliberations and establish a judgment. However, it is true that the reports of the Advocate General they usually indicate, in most cases, where the opinion of the court will go.

Why is this decision relevant?

Despite the fact that the EU GDPR has been in force for three years now, just a few weeks ago the 'Irish AEPD' issued its first fine against one of the many US tech companies that have their 'head office' for the EU in Ireland; This is not surprising, since it has already been reported on other occasions that said body is slow and notoriously underfunded.

However, if the CJEU ends up siding with its General Counsel, Giants like Facebook, Google, Twitter and Oracle, among many others, will begin to be exposed to lawsuits and fines not only from this ineffective bodybut also from their equivalents across the EU.

Via | Fortune