Report from Irish Legal News
In Brief – The EU’s General Court has sided with the European Data Protection Board (EDPB), made up of the EU’s national data protection authorities and the European Data Protection Supervisor, ruling that the collective can overrule a national privacy regulator on enforcement of the General Data Protection Regulation (GDPR). The case pitted the EDPB against the Irish Data Protection Commission (DPC), which is the lead supervisory authority under the GDPR’s “one-stop-shop” mechanism for companies based in Ireland, which includes many of the largest digital platforms. In a series of complaints against Facebook filed in 2018 by privacy advocates across Europe, the DPC arrived at decisions that privacy advocates, including many national authorities, criticized and challenged. The EDPB required the DPC to revise their decisions and impose tougher penalties. The Irish argued that the EDPB was overstepping its authority. The General Court, the EU’s second highest, has ruled that the EDPB’s interventions were consistent with its authority under the GDPR and struck a clear blow against the primacy of home state authorities.
Context – Meta has been mired for years in a quagmire involving European privacy advocates frustrated with the GDPR. The law’s One-Stop-Shop regime that was billed originally as a business-friendly streamlining of regulatory compliance was a top target of critics. Privacy advocates vociferously complained that Ireland’s DPC was lax and slow. They pressed other member state privacy authorities to intervene and overrule the DPC via the EDPB. And they largely succeeded. The DPC has since taken more aggressive GDPR stances with digital giants. And the One-Stop-Shop mechanism was effectively jettisoned from subsequent EU digital regulation measures, including the DSA, the DMA, and the AI Act. The Commission is in the regulatory driver’s seat for the biggest platforms. That said, regulatory overlaps, including involving the Commission’s digital regulators and the privacy regulators, continue to crop up, such as over Meta’s subscription plans and the regulation of AI providers.