bbieron@platformeconomyinsights.com

The GDPR One Stop Shop Mechanism Suffers Big EU Court Setback

Feb 12, 2025

Report from Irish Legal News

In Brief – The EU’s General Court has sided with the European Data Protection Board (EDPB), made up of the EU’s national data protection authorities and the European Data Protection Supervisor, ruling that the collective can overrule a national privacy regulator on enforcement of the General Data Protection Regulation (GDPR). The case pitted the EDPB against the Irish Data Protection Commission (DPC), which is the lead supervisory authority under the GDPR’s “one-stop-shop” mechanism for companies based in Ireland, which includes many of the largest digital platforms. In a series of complaints against Facebook filed in 2018 by privacy advocates across Europe, the DPC arrived at decisions that privacy advocates, including many national authorities, criticized and challenged. The EDPB required the DPC to revise their decisions and impose tougher penalties. The Irish argued that the EDPB was overstepping its authority. The General Court, the EU’s second highest, has ruled that the EDPB’s interventions were consistent with its authority under the GDPR and struck a clear blow against the primacy of home state authorities.

Context – Meta has been mired for years in a quagmire involving European privacy advocates frustrated with the GDPR. The law’s One-Stop-Shop regime that was billed originally as a business-friendly streamlining of regulatory compliance was a top target of critics. Privacy advocates vociferously complained that Ireland’s DPC was lax and slow. They pressed other member state privacy authorities to intervene and overrule the DPC via the EDPB. And they largely succeeded. The DPC has since taken more aggressive GDPR stances with digital giants. And the One-Stop-Shop mechanism was effectively jettisoned from subsequent EU digital regulation measures, including the DSA, the DMA, and the AI Act. The Commission is in the regulatory driver’s seat for the biggest platforms. That said, regulatory overlaps, including involving the Commission’s digital regulators and the privacy regulators, continue to crop up, such as over Meta’s subscription plans and the regulation of AI providers.

View By Monthly
Latest Blog
Apple Still Trying to Reverse Epic Antitrust Loss at Supreme Court

Report from Reuters In Brief – Apple has asked the US Supreme Court to review a lower court ruling that found the company in civil contempt for violating an injunction tied to its long-running legal fight with Epic Games. The Apple v Epic antitrust dispute began in...

Trump Cancels Executive Order on “Voluntary” AI Security Reviews

Report from the Washington Post In Brief – President Donald Trump cancelled signing a major executive order on artificial intelligence after last-minute lobbying from leading tech industry figures, including Elon Musk, Mark Zuckerberg, and former White House AI...

X Commits to Strengthen Anti-Terror Content Moderation in the UK

Report from The Guardian In Brief – Ofcom, the UK regulator enforcing the Online Safety Act (OSA), has announced that X has agreed to strengthen its moderation of terrorist and hate-related content. The commitments stem from Ofcom’s discussions with the top social...

Meta Joins Snap, TikTok and YouTube to Settle School District Lawsuit

Report from the New York Times In Brief – Meta has reached reached a settlement agreement in the first lawsuit headed to trial in federal court over claims that addiction to social media platforms has pushed public schools to spend massive sums fighting a youth mental...

Platform Economy Insights produces a short email four times a week that reviews two top stories with concise analysis. It is the best way to keep on top of the news you should know. Sign up for this free email here.

* indicates required