A national data protection authority which is responsible for the protection of private data, but not a ‘lead’ data protection authority within the meaning of the GDPR Regulation (2016/679), can only take legal action in its Member State in cases explicitly provided for by EU law, said Advocate General at the Court of Justice of the EU, Michal Bobek, in a Opinion delivered on Wednesday 13 January (Case C-645/19).
In 2015, the Belgian data protection authority had filed a lawsuit...