bbieron@platformeconomyinsights.com

The GDPR One Stop Shop Mechanism Suffers Big EU Court Setback

Feb 12, 2025

Report from Irish Legal News

In Brief – The EU’s General Court has sided with the European Data Protection Board (EDPB), made up of the EU’s national data protection authorities and the European Data Protection Supervisor, ruling that the collective can overrule a national privacy regulator on enforcement of the General Data Protection Regulation (GDPR). The case pitted the EDPB against the Irish Data Protection Commission (DPC), which is the lead supervisory authority under the GDPR’s “one-stop-shop” mechanism for companies based in Ireland, which includes many of the largest digital platforms. In a series of complaints against Facebook filed in 2018 by privacy advocates across Europe, the DPC arrived at decisions that privacy advocates, including many national authorities, criticized and challenged. The EDPB required the DPC to revise their decisions and impose tougher penalties. The Irish argued that the EDPB was overstepping its authority. The General Court, the EU’s second highest, has ruled that the EDPB’s interventions were consistent with its authority under the GDPR and struck a clear blow against the primacy of home state authorities.

Context – Meta has been mired for years in a quagmire involving European privacy advocates frustrated with the GDPR. The law’s One-Stop-Shop regime that was billed originally as a business-friendly streamlining of regulatory compliance was a top target of critics. Privacy advocates vociferously complained that Ireland’s DPC was lax and slow. They pressed other member state privacy authorities to intervene and overrule the DPC via the EDPB. And they largely succeeded. The DPC has since taken more aggressive GDPR stances with digital giants. And the One-Stop-Shop mechanism was effectively jettisoned from subsequent EU digital regulation measures, including the DSA, the DMA, and the AI Act. The Commission is in the regulatory driver’s seat for the biggest platforms. That said, regulatory overlaps, including involving the Commission’s digital regulators and the privacy regulators, continue to crop up, such as over Meta’s subscription plans and the regulation of AI providers.

View By Monthly
Latest Blog
Dutch Regulator Opens Digital Services Act Investigation of Roblox

Report from NL Times In Brief – The Netherlands Authority for Consumers and Markets (ACM) has launched a formal Digital Services Act (DSA) investigation of Roblox over concerns that the online gaming platform may not be doing enough to protect children. The DSA...

EU Commission Moves to Stop Meta from Banning Chatbots on WhatsApp

Report from Wall Street Journal In Brief – The European Commission has informed Meta that it plans to block the company’s ban on third-party AI chatbots from operating over WhatsApp. The antitrust regulator has reached a preliminary finding that Meta’s policy could...

Department of Justice and State AGs Appeal Google Search Remedies Order

Report from Bloomberg In Brief – The US Department of Justice has announced that it notified the Federal Court of Appeals for the District of Columbia that it will appeal US District Judge Amit Mehta’s remedies order in the federal antitrust lawsuit that found Google...

Governor Newsome Drops Funding for Media from California State Budget

Report from SFiST In Brief – The latest budget proposal from California Governor Gavin Newsom (D) has eliminated funding for the News Transformation Fund, a state initiative to pay millions of dollars to California media companies. The fund was announced in 2024 as...

Platform Economy Insights produces a short email four times a week that reviews two top stories with concise analysis. It is the best way to keep on top of the news you should know. Sign up for this free email here.

* indicates required