Data protection watchdogs in any European Union (EU) member state can file complaints against Facebook despite the fact the company bases its European presence in Ireland, advocate general Michal Bobek advised the European Court of Justice.
The adviser to the EU's top court said in a statement on Wednesday that although he was advising in a case involving Facebook, this principle applies to any other tech firm even if they are headquartered in a different EU state.
He made the recommendation after Belgium's privacy regulator filed a data case it had started against several companies belonging to the Facebook group in September 2015.
In those proceedings, the Belgian data protection authority requested that Facebook be ordered to stop placing certain cookies on the device of those individuals who, using the internet established in Belgium, browse a web page in the Facebook.com domain without their consent.
Facebook sought to reject the action by arguing against the watchdog's competence.
It argued that under EU privacy rules, known as the General Data Protection Regulation (GDPR), only the data protection authority of the State of Facebook's main establishment in the EU -- the Irish Data Protection Commission -- is empowered to engage in judicial proceedings against Facebook for infringements of the GDPR in relation to cross-border data processing.
The Belgian court of appeal asked the EU Court of Justice for an opinion on the matter, specially whether the GDPR actually prevents a national data protection authority from engaging in court proceedings in its member state.
Bobek recommended that the data protection agency in any EU country should be able to take legal action in various situations even if they were not the lead authority.
He said that although the lead authority had a general competence over cross-border data processing, the power of other authorities to start legal proceedings was curtailed in cross-border cases based on the "one-stop-shop" mechanism enshrined in EU rules.