Cross-border data processing infringements of the GDPR: Court of Justice confirms that a non-lead supervisory authority can commence legal proceedings in the Facebook Ireland case
Concerning a dispute relating to EU data protection law, standing, and jurisdiction in the context of allegedly unlawful cross-border data processing, the Grand Chamber of the Court of Justice has handed down its ruling (Facebook Ireland and Others, C-645/19). In doing so it clarifies the interpretation of EU rules setting out which a Member State’s data protection supervisory authority can bring a claim based on an infringement of the EU’s data protection rules - in this case by several companies belonging to the Facebook group - Facebook Ireland, Facebook Belgium and Facebook Inc, and which courts it can bring that claim before.
Background to the cross-border dispute and main proceedings
In the case at hand, the named Fac