EU court leaves Facebook more exposed to privacy challenges

The EU's top court has ruled Facebook can face privacy challenges from watchdogs in any of the bloc’s member states, not just its lead regulator in Ireland

LONDON -- Facebook is subject to EU privacy challenges from watchdogs in any of the bloc's member states, not just its lead regulator in Ireland, the bloc's top court ruled Tuesday, in a ruling that has implications for other big tech companies. Under the EU's stringent privacy rules, known as the General Data Protection Regulation, only one country's national data protection authority has the power to handle legal cases involving cross-border data complaints in a system known as “one-stop shop.” For Facebook, which has its European headquarters in Dublin, it is Ireland's Data Protection Commission. However, the European Union's Court of Justice ruled that “under certain conditions," a national watchdog has the power to take a company to court over a GDPR violation even if it's not the lead regulator. The ruling is in line with a preliminary opinion from a court adviser and, according to experts, potentially paves the way for a fresh onslaught of privacy cases across the EU's 27 member nations.