Op-Ed: “Facebook Ireland: The Scope of the ‘One-Stop Shop’ under the GDPR and How to React to Enforcement Bottlenecks” by Alberto Miglio
The judgment of the Court of Justice in Facebook Ireland (C-645/19), issued this week on 15 June, has provided important clarifications on the allocation of competence between national supervisory authorities (SAs) in the enforcement of the General Data Protection Regulation (GDPR, 2016/679). In a nutshell, the Court of Justice held that SAs may bring judicial proceedings against data controllers or processors in the same instances where they have competence to adopt administrative decisions. This may happen, in particular, in case of inertia of the lead supervisory authority (LSA), provided that the cooperation and consistency procedures foreseen in the GDPR are respected.
While judicial actions by data subjects and criminal liab