The Brussels Court of First Instance had found Facebook liable for violation of Belgian privacy law for using cookies to track users who did not consent to the processing of their personal data and non users. Facebook was fined € 250,000 per day until compliance. More information is available here.
The decision was based on Belgian privacy law and it was effective for Belgium only but had been watched closely as a significant precedent leading to a possible fragmentation of EU data protection standards, giving ground to local data protection authorities to regulate “beyond” their order border.
The Belgian Court of Appeal found the Belgian Data Protection Agency’s proceeding unfounded. In addition, it held that Belgian courts have no jurisdiction regarding Facebook Ireland which processes data for Europe, and Facebook Inc., the US parent. The judgment is not yet available but sources (here and here) report that the Court of Appeal said that “Belgian courts don’t have international jurisdiction over Facebook Ireland, where the data concerning Europe is processed”.
The substantive proceedings will begin in 2017. The Belgian Privacy Commission said that it will evaluate whether to appeal the decision.
For more information, Francesca Giannoni-Crystal