Over the past few years we have frequently flagged the issue of “application overreach” when it comes to the GDPR. We have long argued that a number of ‘activist’ data protection authorities across the EU are seeking to overreach their powers and undermine the one-stop-shop principle which underpins GDPR. (See this BEERG/HR Policy Global article from Jan 2022).
We were pleased to see the European Court of Justice push back - a little - in a November 9th decision saying that other EU countries should not be allowed to impose tougher liability rules on big tech / communications platform companies than are set down in the country where that company is established. The case was taken by Google, Meta and TikTok, all of which are head quartered in Ireland. It concerned a 2021 Austrian law that required social networks to delete what it decides is hate speech or face big fines. The companies argued that EU law says they should only be subject to Irish rules. The Court agreed.
It is important to note that the case was taken under EU information and e-commerce laws (on the proper functioning of the EU’s internal market) and NOT under GDPR. You can read the court’s ruling HERE and see the EU Directive 2000/31/EC on information society services