Language of document :

Request for a preliminary ruling from the Hof van beroep te Brussel (Belgium) lodged on 30 August 2019 — Facebook Ireland Limited, Facebook Inc., Facebook Belgium BVBA v Gegevensbeschermingsautoriteit

(Case C-645/19)

Language of the case: Dutch

Referring court

Hof van beroep te Brussel

Parties to the main proceedings

Applicants: Facebook Ireland Limited, Facebook Inc., Facebook Belgium BVBA

Defendant: Gegevensbeschermingsautoriteit

Questions referred

Should Articles [55(1)], 56 to 58 and 60 to 66 of Regulation (EU) 2016/679 1 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, read in conjunction with Articles 7, 8 and 47 of the Charter of Fundamental Rights of the European Union, be interpreted as meaning that a supervisory authority which, pursuant to national law adopted in implementation of Article [58(5)] of that regulation, has the power to commence legal proceedings before a court in its Member State against infringements of that regulation cannot exercise that power in connection with cross-border processing if it is not the lead supervisory authority for that cross-border processing?

Does it make a difference if the controller of that cross-border processing does not have its main establishment in that Member State but does have another establishment there?

Does it make a difference whether the national supervisory authority commences the legal proceedings against the controller’s main establishment or against the establishment in its own Member State?

Does it make a difference if the national supervisory authority had already commenced the legal proceedings before the date on which the regulation entered into force (25 May 2018)?

If the first question is answered in the affirmative, does Article [58(5)] of the GDPR have direct effect, such that a national supervisory authority can rely on the aforementioned article to commence or continue legal proceedings against private parties even if Article [58(5)] of the GDPR has not been specifically transposed into the legislation of the Member States, notwithstanding the requirement to do so?

If the previous questions are answered in the affirmative, could the outcome of such proceedings prevent the lead supervisory authority from reaching a conclusion to the contrary, in the event that the lead supervisory authority investigates the same or similar cross-border processing activities in accordance with the mechanism laid down in Articles 56 and 60 of the GDPR?


1 OJ 2016, L 119, p. 1.