CJEU Case C-645/19 | Facebook Ireland Limited, Facebook INC, Facebook Belgium BVBA v Gegevensbeschermingsautoriteit

Author (Corporate)	Cardiff EDC (Compiler)
Publication Date	2019-
Content Type	Blog & Commentary, News, Overview
	Summary: Information Guide concerning Case C-645/19 from the Court of Justice of the European Union (CJEU) concerning the start of court proceedings for GDPR infringements in relation to cross-border data processing. Further information: In September 2015, the Belgian data protection authority commenced proceedings before the Belgian courts against several companies belonging to the Facebook group, some of which not based in the country. The data protection authority requested that Facebook be ordered to cease with respect to any internet user established in Belgium, to place, without their consent, certain cookies on the device those individuals use when they browse a web page in the Facebook.com domain or when they end up on a third party’s website, as well as to collect data by means of social plugins and pixels on third party websites in an excessive manner. In addition, it requested the destruction of all personal data obtained by means of cookies and social plugins, about each internet user established in Belgium. The proceedings taking place before the Court of Appeal in Brussels (Hof van beroep te Brussels) had their scope limited to Facebook Belgium and excluding Facebook INC and Facebook Ireland Ltd. as the court determined not having jurisdiction over those companies. Furthermore, the company has sustained that, as of the date on which the General Data Protection Regulation (GDPR) became applicable, only the data protection authority in the Member State where Facebook's main establishment is based (Ireland) is empowered to engage in judicial proceedings against Facebook for infringements of the GDPR in relation to cross-border data processing. The Court of Appeal therefore submitted in 2019 to the CJEU a request for a preliminary ruling regarding the role of national data protection authorities other than the leading authority when it comes to cross-border data processing. On 13 January 2021, the CJEU Advocate General issued an opinion stating that, while the lead data protection controller has a general competence to start court proceedings for GDPR infringements in relation to cross-border data processing, the other national data protection authorities are still entitled to commence such proceedings in their respective Member State in situations where the GDPR specifically allows them to do so.
Related Links	Official CJEU CURIA: Case C-645/19 \| Facebook Ireland Limited, Facebook INC, Facebook Belgium BVBA v Gegevensbeschermingsautoriteit http://curia.europa.eu/juris/documents.jsf?num=C-645/19 CJEU: Press Release (No 1/21), 13/01/2021: Advocate General’s Opinion in Case C-645/19 Facebook Ireland Limited, Facebook INC, Facebook Belgium BVBA v Gegevensbeschermingsautoriteit https://curia.europa.eu/jcms/upload/docs/application/pdf/2021-01/cp210001en.pdf News The Guardian, 16/02/2018: Facebook ordered to stop collecting user data by Belgian court https://www.theguardian.com/technology/2018/feb/16/facebook-ordered-stop-collecting-user-data-fines-belgian-court The Irish Times, 16/02/2018: Facebook ordered by Belgian court to stop collecting user data https://www.irishtimes.com/business/technology/facebook-ordered-by-belgian-court-to-stop-collecting-user-data-1.3395022 BBC News, 16/02/2018: Facebook told to stop tracking in Belgium https://www.bbc.co.uk/news/technology-43091087 Bloomberg, 27/03/2019: Facebook to Fight Belgian Ban on Tracking Users (and Even Non-Users) https://www.bloomberg.com/news/articles/2019-03-27/facebook-attack-of-belgian-order-on-user-tracking-gets-hearing BBC News, 28/03/2019: Facebook challenges Belgian tracking ban https://www.bbc.co.uk/news/technology-47733693 Reuters, 02/10/2020: Belgian privacy watchdog bid's to police Facebook at EU court on October 5 https://www.reuters.com/article/idUSKBN26N24C EurActiv, 05/10/2020: Facebook, Belgian watchdog face off over who should police company https://www.euractiv.com/section/digital/news/facebook-belgian-watchdog-face-off-over-who-should-police-company/ EUObserver, 06/10/2020: ECJ to clarify power of Belgian watchdog on Facebook cookies https://euobserver.com/science/149645 Associated Press, 13/01/2021: EU court opinion leaves Facebook more exposed over privacy https://apnews.com/article/belgium-europe-data-privacy-93b5bdbf4eb35ae9692e08e037947137 RTÉ News, 13/01/2021: ECJ considers allowing GDPR complaints in any EU member state https://www.rte.ie/news/world/2021/0113/1189411-eu-gdpr-proceedings/ Commentary and Analysis FieldFisher: Insight, 20/05/2019: Belgian Facebook case: Brussels Court of Appeal refers questions for preliminary ruling to the European Court of Justice https://www.fieldfisher.com/en/services/privacy-security-and-information/privacy-security-and-information-law-blog/belgian-facebook-case
Subject Categories	Internal Markets, Law, Values and Beliefs
Subject Tags	Court of Justice of the European Union [CJEU], Fundamental \| Human Rights
Keywords	CJEU Judgments, Data Privacy \| Protection, General Data Protection Regulation [GDPR]
Countries / Regions	Belgium
International Organisations	European Union [EU]