Meta Platforms Ireland Ltd vs The Data Protection Commissioner

Meta Platforms Ireland Ltd vs The Data Protection Commissioner: A Landmark GDPR Case

The Court of Appeal in Ireland delivered a significant judgment on 13 March 2025 in the case of Meta Platforms Ireland Ltd versus The Data Protection Commissioner, addressing key issues related to the enforcement of the General Data Protection Regulation (GDPR) in the European Economic Area (EEA). This case arose from a challenge by Meta, the data controller for Facebook services in the EEA, against a decision by the Irish Data Protection Commissioner (DPC) imposing substantial fines for GDPR infringements.

Background of the Case

The case centres around the GDPR, a comprehensive data protection regulation enacted by the European Union to safeguard personal data and ensure its free movement within the internal market. The DPC, as the lead supervisory authority for Meta in the EU, conducted an enquiry into alleged data protection breaches by Meta. The DPC's decision, issued on 25 November 2022, found Meta in violation of GDPR Articles 25(1) and 25(2), resulting in fines totaling €265 million.

Meta's Legal Challenge

Meta contested the DPC's decision, arguing procedural errors and misinterpretations of GDPR provisions. The company sought to annul the decision through both statutory appeal and judicial review in the Irish High Court, raising issues related to the calculation of fines and procedural compliance.

High Court Proceedings

The High Court granted Meta leave to pursue judicial review, but the proceedings were complicated by parallel litigation involving WhatsApp Ireland Ltd, another Meta subsidiary. The WhatsApp case, which challenged a related decision by the European Data Protection Board (EDPB), was seen as potentially impacting Meta's case, leading to requests for adjournment.

Appellate Court's Decision

The Court of Appeal, led by Justice Anthony M. Collins, addressed whether the High Court proceedings should be adjourned pending the resolution of the WhatsApp case. The appellate court emphasised the importance of timely justice and the need to avoid unnecessary delays in legal proceedings.

Legal Analysis and Implications

The appellate court underscored the presumption of validity for decisions made by supervisory authorities under the GDPR. It highlighted the necessity for effective judicial remedies, as mandated by Article 78 of the GDPR, and criticised the prolonged adjournment of the proceedings.

Conclusion and Future Directions

The Court of Appeal allowed the DPC's appeal, setting aside the High Court's orders to adjourn the proceedings. This decision reflects the court's commitment to ensuring efficient and expeditious resolution of legal challenges, particularly in the context of GDPR enforcement.

Impact on Data Protection Law

This case serves as a critical reference point for data protection practitioners and companies operating within the EU. It reinforces the role of national supervisory authorities in enforcing GDPR compliance and highlights the legal complexities involved in cross-border data protection cases.

Learn More

For a comprehensive understanding of data protection law, including compliance and enforcement, refer to BeCivil's guide to English Data Protection Law.