The recommendation was issued after Facebook sought to rebuff Belgium’s privacy regulator in a data case by saying its European Union headquarters were in Dublin and so Ireland was the lead authority in the EU for the US social media giant.
Advocate-General Michal Bobek, the adviser to the Court of Justice of the European Union, recommended that the data protection agency in any EU country should be able to take legal action in various situations even if they were not the lead authority.
If the recommendation is followed, it could prompt action by national agencies in the 27-member EU against other US tech companies, such as Google, Twitter and Apple, which also have their EU headquarters in Ireland.
EU judges often follow advocate-general opinions but do not have to. They usually deliver a ruling in two to four months.
Belgium’s regulator sought to stop Facebook gathering data on the browsing behaviour of Belgian users to show them targeted advertising without their valid consent. The regulator said this took place even if the user did not have a Facebook account.
Facebook challenged this on the basis that the Irish privacy watchdog is the lead authority for Facebook. The Irish government and its watchdogs have proven a lot friendly to US big tech gians.
Bobek said the lead authority had a general competence over cross-border data processing and the power of other authorities to start legal proceedings was curtailed in cross-border cases based on the “one-stop-shop” mechanism enshrined in EU rules.
But he said the lead authority needed to cooperate closely with other data protection authorities, which he said could still bring cases to their courts.