According to an Advocate General of the Court of Justice of the EU, consumer protection associations can bring representative actions for breach of EU privacy rules against data processors such as Facebook, and this before the national courts.
This legal opinion was issued Thursday, December 2 after the Federation of German Consumer Associations initiated proceedings against Facebook. According to the federation, the social media giant did not clearly explain how and why their personal data was processed on its App Center gaming platform.
If the German court recognized the validity of the action against Facebook, it wondered about the possibility for consumer groups to seize the court of such a procedure, the implementation of the RGPD (General Regulation on the Protection data) resting in the hands of data protection authorities. The case was therefore referred to the Court of Justice of the European Union (CJEU).
For Advocate General Jean Richard de la Tour, consumer protection associations can initiate proceedings against an organization that has violated the data protection guarantees of the GDPR if national laws allow it.
“We are going to analyze the opinion of the Advocate General. Legal clarity on the scope and process of the GDPR is important, and we welcome the Court of Justice of the European Union to consider the issues raised in this case.”a spokesperson for Meta, formerly known as Facebook, told EURACTIV.
“It would be paradoxical, to say the least, if the strengthening of the means of control of the personal data protection rules that the EU legislator wished to put in place when adopting Regulation 2016/679 [le RGPD] ultimately leads to a reduction in the level of protection of personal data”, can we read in the notice.
The legal expert referred to previous case law in the Fashion ID case, where the EU Court issued a similar ruling with reference to the Data Protection Directive, the EU law that preceded the GDPR.
“The collective redress mechanism is an essential way to protect the rights of data subjects without relying on regulators or costly private litigation”said Robert Bateman, research director at the GRC Forum, noting that based on national laws, consumer groups may be able to take legal action regardless of whether anyone’s data protection rights have actually been violated.
“The Attorney General’s opinion represents a clear victory for consumer rights groups and, ultimately, the consumers they represent”Mr. Bateman added.
Although the opinion is not legally binding, it has a great influence on the interpretation of the law by the European Court. This is why he often anticipates the final decision.
Ursula Pachl, Deputy Director General of the European Consumers’ Organization (BEUC), welcomed the opinion, as “it confirms that consumer organizations can use all available legal instruments to pursue companies that violate consumers’ rights to the protection of their personal data and their privacy. »
Under the Consumer Protection Cooperation Regulation, designated organizations such as BEUC can lodge complaints with the European Commission in the event of EU-wide breaches affecting consumer rights.
While the complaint against WhatsApp was brought under consumer protection law, the Advocate General’s opinion opens the door to a strong relationship between consumer protection and privacy, including providing appropriate information on how personal data is processed.
“The defense of the collective interests of consumers by associations is particularly suited to the objective of establishing a high level of protection of personal data”can we read in the notice.
However, BEUC believes that it is too early to say whether, should the legal opinion be upheld in court, it will try to take this or other specific complaints to national courts.