An Austrian law required platforms to set up mechanisms to find illegal content, but an EU court has ruled that this doesn’t apply as the three companies are headquartered in Ireland.
Google, Meta and TikTok have won an EU case which prevents member states from imposing obligations on them if they are established in another member state.
In effect, this means that these Big Tech companies are only subject to Irish laws (and EU-wide regulation), as they have their headquarters established in this country.
The ruling relates to an Austrian law that was imposed in 2021, which requires communications platforms to set up mechanisms for reporting and verifying potentially illegal content. Companies that fail to comply with this obligation could face fines of up to €10m.
Google Ireland, Meta Platforms Ireland and Tiktok claimed that this Austrian law was contrary to EU law, which causes an Austrian court to issue a question on the issue to the European Court of Justice (ECJ).
The ECJ agreed with the view of the Big Tech companies and said this type of national approach would call into question the “principle of control in the member state of origin”.
“If the member state of destination (in this case, Austria) were authorised to adopt such measures, this would encroach on the regulatory powers of the home member state (in this case, Ireland),” the ECJ said in its ruling.
“Furthermore, it would undermine mutual trust between member states and contravene the principle of mutual recognition.”
The ruling noted that member states can impose their own measures “under strict conditions and in specific cases”, but that these decisions have to be notified to both the European Commission and the member state of origin.
Meanwhile, the EU recently adopted the Digital Services Act, which requires large platforms to do more to tackle illegal and harmful content or risk significant fines.
Irish ‘bottleneck’ concerns
As many tech players have their headquarters in Ireland, the country’s Data Protection Commission (DPC) regularly acts as the EU’s lead data supervisor in GDPR cases against Big Tech companies.
But the DPC has been criticised over the years, with accusations of having “torturous” procedures and being a “bottleneck of GDPR investigation and enforcement”.
For example, German Free Democratic Party MEP Moritz Körner criticised the length of a TikTok investigation the DPC was leading earlier this year, as he said he first raised concerns about the app in 2019. The DPC gave TikTok a €345m fine in September for breaching GDPR rules relating to the processing of children’s data.
Speaking to the European Parliament, Data Protection Commissioner Helen Dixon said no other data protection authority concludes as many large-scale cross border inquiries as the DPC. She also said claims that the watchdog is “routinely overturned” by its peers are “misplaced”.
Last month, the DPC shared plans to grow its team with two new commissioners, as it continues to deal with its massive GDPR workload.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.