Ashley Winton, UK head of data protection and privacy at international law firm Paul Hastings, comments on the European Court of Justice’s landmark ruling on data protection.
“Today’s landmark ruling from the European Court of Justice has changed the face of data protection for companies operating across multiple EU jurisdictions, particularly those who are consumer facing.
Previously, European laws allowed multinational businesses with operations in Europe to be only subject to the data protection laws of one European country. This was to the benefit of many companies, some of whom elected to create an establishment in the UK or Ireland, where data protection laws and practices are more liberal and arguably more business friendly.
Following the case of Weltimmo, companies that have websites translated into another language, targeting consumers of member states outside of their own establishment, may now have to comply with the regulations in each individual member state. This dramatically increases compliance costs, particularly where a website is targeted at multiple member states, and makes the company subject to multiple data protection authorities.
We expect that this case will be welcomed by data protection authorities, and as a result, social media and e-commerce multinationals will need to urgently consider their European data protection compliance strategies. With the appetite for enforcement high across a number of member states, the repercussions for non-compliance could be huge.”