Ο General Regulation on Data Protection in Europe (GDPR), has been in force for almost three years. However, just a few weeks ago the first significant fine was imposed on one of the major Companies technology of USA.
And now a Facebook case in Belgium could cause a change in the way GDPR fines are imposed. If the Court of Justice of the European Union (CJEU) follows the advice of the Advocate General, the company could face more lawsuits and possibly more fines.
According to the Attorney General Michal Bobek, CJEU Senior Legal Adviser, national privacy authorities in any EU country can sometimes take action against a company, even if the company has its headquarters elsewhere.
If the court agrees with the Advocate General then this could change the way companies interpret a crucial part of the GDPR, the so-called one-stop-shop mechanism.
In addition, on Wednesday, the longest-running and perhaps most important technology secrecy case in Europe, with which Facebook is also linked, was settled.
The most prominent privacy case of the Irish regulator is the one launched against Facebook more than seven years ago by the Austrian lawyer and activist Max Schrems.
The case concerns the transfer data in the US by Facebook, which raises concerns about privacy. It has so far led the CJEU to cancel multiple data-sharing agreements between the US and the EU, but has not actually prevented Facebook from sending user data outside the country.
This is because, according to the CJEU's most recent decision in July last year, it is now up to the Irish authorities to request a suspension of Facebook's data flow, given that US law does not provide Schrems with the data protection required by EU law.
Schrems sued the Irish regulator and the hearing was to be held in the Irish Supreme Court on Wednesday, but it was announced this morning that the two parties had reached a settlement. The regulator will soon "end" the existing case with Facebook, said Schrems.