LONDON – Facebook and other US tech giants could face a flurry of new cases in Europe regarding data privacy, after a supreme court said any regulator in the region should be able to file new lawsuits.

The European Union implemented its General Data Protection Regulation in 2018, which gives citizens a greater role in how their data is used. In this context, any privacy complaints against Facebook will be forwarded, for example, to the Irish Data Protection Commissioner since the company’s European headquarters are in Dublin.

However, the Attorney General of the European Court of Justice said on Wednesday that privacy complaints do not necessarily have to be brought to the local regulator – thus opening the door for further investigations into data concerns in various EU countries.

“Make no mistake that the impact of this opinion is far-reaching if upheld by the court because it would give equal right to any of the 27 data protection commissioners across Europe to take action on rule-breaking,” Ethyca Privacy Chief Executive Kylian Kieran told CNBC by mail. Mail.

“The consequences are significant given that there are certainly countries within Europe that have a more proactive stance on robust enforcement of the GDPR,” Kiran said, adding that “this will likely lead to a greater number of investigations for companies across the markets.”

The opinion, issued on Wednesday, comes after a Belgian court ruled in 2015 that Facebook violated privacy rules to monitor internet users’ browsing history whether or not they registered on the platform.

Facebook has argued that only courts in Ireland can judge the company’s practices due to its headquarters location. The Belgian data protection authority then asked the European Court of Justice to clarify the legal situation.

“The General Data Protection Regulation (GDPR) allows a data protection authority in a member state to bring claims in the court of that country for an alleged violation of the General Data Protection Regulation (GDPR) in relation to cross-border data processing, even though it is not the main data protection authority mandated to “The authority to initiate such procedures,” the European Court of Justice prosecutor said on Wednesday.

The attorney’s opinion is not binding, but is taken into account by the judges of the European Court of Justice, who are scheduled to rule on the case at a later stage.

“We are pleased that the Attorney General has reaffirmed the value and principles of the Single Window Mechanism, which has been introduced to ensure the effective and consistent application of the GDPR. We await the final ruling of the court,” Jack Gilbert, Assistant General Counsel at Facebook, told CNBC via email Wednesday.

Single window mechanism refers to cooperation between data protection authorities in the case of cross-border processing.

Concerns about data protection It has grown in recent years in the wake of various scandals. This includes the 2018 Cambridge Analytica-Facebook saga, in which user data was used to try to influence election results.