The European Court of Justice has given EU member states extended authority to take for instance big tech companies to court for cross border violation of the union’s privacy rules.
“Under certain conditions, a national supervisory authority may exercise its power to bring any alleged infringement of the GDPR before a court of a Member State, even though that authority is not the lead supervisory authority with regard to that processing”, the court says.
An example could be Facebook that has its European operations registered in Ireland. This has until now meant that it has been the privacy watchdog in Dublin investigating cross border leaks of personal data from Facebook.
With the new understanding stated by the ECJ, any member state’s privacy authority could decide to take a big tech to court for cross border violation of the EU’s GDPR rules introduced a couple of years ago to increase privacy for EU citizens.