Issuing a blow to the tech giants, the EU Court of Justice (CJEU) has ruled that national data watchdogs have the authority to take action against digital companies even if they are not the assigned lead regulator.

The ruling announced on Tuesday expands the rights of EU nations to hold tech companies accountable despite not being the nation where those businesses are headquartered.

“Under certain conditions, a national supervisory authority may exercise its power to bring any alleged infringement of the GDPR before a court of a member state, even though that authority is not the lead supervisory authority with regard to that processing,” the CJEU said in a statement.

The court judgement was sparked after Belgium approached the CJEU to clarify its powers after the European country and Facebook clashed over whether it had the authority to challenge the tech company’s privacy rules and data handling policies.

When Belgium sought guidance from the CJEU last year, Facebook’s lawyer, Dirk Van Liedekerke, responded to the country’s actions by arguing against giving national watchdogs the power to independently challenge tech companies.

“We cannot allow rules of competences to be sidestepped by national authorities in national courts. The risk would be huge, risk of cases before the courts,” Van Liedekerke said.

EU member states have previously complained that Ireland, where Apple, Facebook, Google, and Twitter have HQs, takes too long to reach a decision when complaints are made to the regulator. Ireland has rejected this criticism, arguing that it is ensuring it is diligent in its investigations.

Following the CJEU’s decision, tech companies could find themselves facing an increased number of investigations, with national data watchdogs taking direct action against the companies, rather than waiting for a judgement from Ireland’s regulator.

Think your friends would be interested? Share this story!