COURT OF JUSTICE OF THE EUROPEAN UNION – RULING ON META'S ABUSE OF ITS DOMINANT POSITION BY PROCESSING USER DATA IN VIOLATION OF GDPR

18/07/2023

Court of Justice of the European Union ("CJEU") has ruled on the questions raised by the Higher Regional Court of Düsseldorf in the action brought by Meta against the decision of the Bundeskartellamt on whether national competition authorities may supervise the compliance of a data processing activity with the GDPR and on the application of certain provisions of the GDPR to Meta's processing activities.

Most recently, the Bundeskartellamt ruled that Meta Platforms Ireland had abused its dominant position in the online social networking market in Germany, as the data processing carried out by Meta did not comply with the GDPR. In particular, the authority therefore prohibited, in the general terms and conditions for private users residing in Germany, the linking of the use of Facebook to consent to the processing of their non-Facebook data and the processing of such data without their consent.

In the context of abuse of dominant position assessments, the CJEU, in its judgment on the questions posed, stated that:

It may be necessary for the competition authority of the Member State concerned to examine whether the conduct of the undertaking in question also complies with regulations other than competition law, such as the GDPR,

Where the national competition authority has found a breach of the GDPR, the decision of the competition authority cannot replace the decisions of the relevant administrative authority,

That the sole purpose of assessing compliance with the GDPR can only be to identify an abuse of a dominant position and implement measures to put an end to that abuse on a legal basis deriving from competition law,

In order to ensure consistent application of the GDPR, national competition authorities should consult and cooperate with the authorities monitoring the implementation of the GDPR and, in particular, if the national competition authority takes the view that it is necessary to examine whether an undertaking's conduct is in compliance with the GDPR, it should ascertain whether that conduct or similar conduct has already been the subject of a decision by the competent independent administrative authority or the Court and, if so, it cannot depart from that decision, although it is free to draw its own conclusions as regards the application of competition law.

(CJEU – 4.07.2023)

NAZALI TAX & LEGAL

info@nazali.com

This document provides general information on the subject and does not constitute a legal opinion or recommendation. Consulting a specialist is recommended before taking an action. No claim arising from the content of or relating to this document can be asserted against NAZALI.

Agenda

COURT OF JUSTICE OF THE EUROPEAN UNION – RULING ON META'S ABUSE OF ITS DOMINANT POSITION BY PROCESSING USER DATA IN VIOLATION OF GDPR

This document provides general information on the subject and does not constitute a legal opinion or recommendation. Consulting a specialist is recommended before taking an action. No claim arising from the content of or relating to this document can be asserted against NAZALI.