EU

EU’s Top Court Unblocks More GDPR Cases Against Tech Giants

A ruling by the European Union’s top court today is set to unblock a raft of litigation brought by consumer protection organizations seeking to apply the bloc’s General Data Protection Regulation (GDPR) standard against tech giants such as Facebook and Twitter over issues like whether they gather properly informed consent to process people’s data.

Related: GDPR On The Rise As EU Officials Crack Down

In a judgment today, the Court of Justice (CJEU) affirmed that consumer protection organizations can bring representative actions against infringements of the bloc’s laws protecting people’s data under GDPR.

The referral to the CJEU came from a German court in a case brought against Meta (Facebook) by the German Federal Union of Consumer Organisations and Associations (aka the vzbv) relating to the ToS of certain free games apps running on its platform which force consent from users by not providing them with an option to decline processing if they play the game.

In a brief response statement, a Meta spokesperson said: “The underlying legal proceedings showed that there were some open questions, which the CJEU has now addressed. We will review the decision and assess its implications.”

The CJEU ruling prefigures a wider change — coming to EU next year, when the Representative Actions Directive come into application in June — which will further expand the ability of consumer rights groups to litigate on behalf of individuals whose rights they believe are being violated.

“By today’s judgment, the Court finds that the GDPR does not preclude national legislation which allows a consumer protection association to bring legal proceedings, in the absence of a mandate conferred on it for that purpose and independently of the infringement of specific rights of the data subjects, against the person allegedly responsible for an infringement of the laws protecting personal data, on the basis of the infringement of the prohibition of unfair commercial practices, a breach of a consumer protection law or the prohibition of the use of invalid general terms and conditions, where the data processing concerned is liable to affect the rights that identified or identifiable natural persons derive from that regulation,” the court writes in a press release.

Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.