bbieron@platformeconomyinsights.com

The GDPR One Stop Shop Mechanism Suffers Big EU Court Setback

Feb 12, 2025

Report from Irish Legal News

In Brief – The EU’s General Court has sided with the European Data Protection Board (EDPB), made up of the EU’s national data protection authorities and the European Data Protection Supervisor, ruling that the collective can overrule a national privacy regulator on enforcement of the General Data Protection Regulation (GDPR). The case pitted the EDPB against the Irish Data Protection Commission (DPC), which is the lead supervisory authority under the GDPR’s “one-stop-shop” mechanism for companies based in Ireland, which includes many of the largest digital platforms. In a series of complaints against Facebook filed in 2018 by privacy advocates across Europe, the DPC arrived at decisions that privacy advocates, including many national authorities, criticized and challenged. The EDPB required the DPC to revise their decisions and impose tougher penalties. The Irish argued that the EDPB was overstepping its authority. The General Court, the EU’s second highest, has ruled that the EDPB’s interventions were consistent with its authority under the GDPR and struck a clear blow against the primacy of home state authorities.

Context – Meta has been mired for years in a quagmire involving European privacy advocates frustrated with the GDPR. The law’s One-Stop-Shop regime that was billed originally as a business-friendly streamlining of regulatory compliance was a top target of critics. Privacy advocates vociferously complained that Ireland’s DPC was lax and slow. They pressed other member state privacy authorities to intervene and overrule the DPC via the EDPB. And they largely succeeded. The DPC has since taken more aggressive GDPR stances with digital giants. And the One-Stop-Shop mechanism was effectively jettisoned from subsequent EU digital regulation measures, including the DSA, the DMA, and the AI Act. The Commission is in the regulatory driver’s seat for the biggest platforms. That said, regulatory overlaps, including involving the Commission’s digital regulators and the privacy regulators, continue to crop up, such as over Meta’s subscription plans and the regulation of AI providers.

View By Monthly
Latest Blog
European Commission Expands Their DSA Probe of Online Porn Sites

Report from CBC News In Brief – The European Commission has announced that they have preliminarily found four large adult content platforms to be in breach of the Digital Services Act (DSA) for failing to protect minors from being exposed to pornographic content on...

UK Government Targeting Manosphere Content on Online Platforms

Report from The Guardian In Brief – More than 60 Labour MPs have urged Ofcom, the country’s communications and digital regulator, to use its authority under the Online Safety Act to press platforms to better protect young men from risks they argue are linked to...

Google Proposes a Publisher Opt-Out for AI-Enabled Search in the UK

Report from MediaPost In Brief – Google has outlined plans to give publishers more authority over how their content appears in AI-driven search features in response to the consultation by the UK Competition and Markets Authority (CMA) regarding application of the...

Dutch Court Bans Grok from Creating Nude and Partially Nude Images

Report from Reuters In Brief – A Dutch court has ordered AI company xAI to stop its chatbot Grok from generating or distributing non-consensual sexualized images, including depictions of adults or children partially or wholly stripped naked. The preliminary...

Platform Economy Insights produces a short email four times a week that reviews two top stories with concise analysis. It is the best way to keep on top of the news you should know. Sign up for this free email here.

* indicates required