The European Court of Justice (ECJ) is expected to issue a decision in coming months addressing the competency of member state data protection authorities to investigate and take enforcement actions against data controllers whose principle place of business is in another member state. In Weltimmo s.r.o. v. NAIH (National Authority for Data Protection and Freedom of Information Hungary), the Court will rule on whether the Hungarian DPA acted within its authority under the EU Data Protection Directive when it fined an Slovakian-registered company that operated websites for real estate ads targeting Hungarians. According to the Privacy Laws & Business International Report, the Advocate General of the ECJ, Pedro Cruz Villalón, issued his opinion on June 25, 2015 that the NAIH exceeded its authority insofar as the applicable law in this case was that of Slovakia.
The ECJ typically follows the reasoning of its Advocate General, as it did in its Google Spain ruling, but whether it will do so in this case remains to be seen. It may elect to defer its decision until the contentious issue of the "one stop shop" has been resolved in the current trilogue discussions, for fear of undermining whatever political compromises that are reached in that process. For similar reasons, it may hold back on its decision in the case brought by Max Schrems until the EU and the US complete their negotiations over reforms to the Safe Harbor program.