Security News > 2021 > January > EU Court Opinion Leaves Facebook More Exposed Over Privacy
Any EU country can take legal action against companies like Facebook over cross-border violations of data privacy rules, not just the main regulator in charge of the company, a top court adviser said Wednesday.
The preliminary opinion is part of a long-running legal battle between Facebook and Belgium's data protection authority over the company's use of cookies to track the behavior of internet users, even those who weren't members of the social network.
The advice from the European Court of Justice's Advocate General Michal Bobek potentially paves the way for an onslaught of fresh data privacy cases across the EU, experts said.
"The lead data protection authority cannot be deemed as the sole enforcer of the GDPR in cross-border situations, and must, in compliance with the relevant rules and time limits provided for by the GDPR, closely cooperate with the other data protection authorities concerned," the opinion said.
Privacy advocates and experts said the advice could change how data privacy cases are handled, by taking the pressure off a single watchdog.
Businesses could also face a bigger compliance burden responding to more privacy cases in multiple EU markets, because it would be easier for people to file complaints to their local privacy watchdog, said Cillian Kieran, CEO of privacy compliance startup Ethyca.