Menu
Lady Justice statue holding a sword and scales stands before a background of the European Union flag, which features a blue field with a circle of twelve yellow stars. The statue symbolizes justice, with a blindfold representing impartiality.

EU Court Upholds EDPB’s Authority Over Irish DPC

, , , , , , , ,

On January 29, the European General Court upheld the European Data Protection Boards (EDPB) 2023 binding decision, which instructed Ireland’s Data Protection Commission (DPC) to conduct separate investigations into Meta’s data processing practices. The ruling emphasized the importance of examining individual allegations of General Data Protection Regulation’s (GDPR) violations, rather than bundling them together. This court’s decision clarifies the EDPB’s authority to direct lead supervisory authorities to investigate potential GDPR breaches more thoroughly, without compromising the independence of national data protection agencies.

The Irish DPC, which can appeal this decision to the Court of Justice of the European Union, has acknowledged the court’s ruling and is currently reviewing it. The initial challenge was launched in February 2023 under the leadership of former Commissioner Helen Dixon. The DPC had previously issued a preliminary fine of €5.5 million to Meta’s WhatsApp in December 2022 for violating GDPR transparency principles, specifically regarding user consent in the Terms of Service.

The EDPB’s binding decision resulted from an Article 65 dispute-resolution process, confirming the fine and urging further investigations into potential Article 9 GDPR violations concerning WhatsApp’s handling of special categories of personal data. Despite the DPC’s concerns about the EDPB’s role, the court’s ruling highlights a balance between efficient GDPR enforcement and protecting fundamental rights. The EDPB expressed support for harmonizing GDPR enforcement and emphasized the importance of consensus among Data Protection Authorities (DPAs) early in investigations.

Max Schrems, NOYB Honorary Chair, who initiated the original complaint against Meta, remarked that the dismissal of the DPC’s claims effectively restarts the Meta cases. The DPC is now required to open new investigations as mandated by the EDPB, which could take years to resolve. This ruling underscores the EDPB’s critical role in ensuring consistent and thorough GDPR enforcement across the EU.

  • Save

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap