The European Union’s General Court has handed the European Commission a significant victory, confirming its broad authority to demand vast amounts of internal data from Big Tech companies under the new Digital Services Act (DSA). In a landmark ruling, the court dismissed a challenge from Meta Platforms, setting a powerful precedent for how the DSA will be enforced across the digital single market.
THE BOTTOM LINE
- Aggressive Enforcement is Here to Stay: The Commission’s authority to demand extensive, detailed information from large online platforms is now court-approved. Businesses should anticipate more aggressive and forensic inquiries into their algorithms, advertising systems, and internal risk assessments.
- Challenging Information Requests is an Uphill Battle: The court has set a high bar for companies looking to legally challenge the “necessity” or scope of an information request. Arguments that requests are too broad, deadlines too tight, or questions too vague are unlikely to succeed.
- Operational Readiness is Non-Negotiable: Designated platforms must have the internal systems and resources ready to respond to complex information demands on short notice. Waiting for a request to arrive is not a viable strategy; proactive data governance and compliance readiness are essential.
THE DETAILS
The case arose after the European Commission, in its capacity as the chief enforcer of the DSA, sent a formal Request for Information (RFI) to Meta. The RFI was part of an investigation to determine if Meta was complying with its obligations concerning advertising practices and transparency. Meta challenged the request before the General Court, arguing it was a fishing expedition that went beyond what was “necessary,” imposed disproportionately short deadlines, and violated its fundamental rights of defence. This case served as the first major court test of the Commission’s powerful new investigatory tools under the DSA.
The General Court dismissed Meta’s arguments on all fronts. Crucially, the court affirmed that the Commission does not need to have proof of an infringement to request information; it merely needs sufficient indications that an investigation is warranted. It ruled that the complexity of modern advertising systems and algorithms justifies correspondingly broad and detailed questions. The court also found that the tight deadlines were not unreasonable, considering the significant resources of a company like Meta and the Commission’s need to conduct its enforcement duties effectively. This gives the Commission significant latitude in setting the terms of its investigations.
This judgment solidifies the Commission’s position as a formidable digital regulator. For CEOs and General Counsels at all companies designated as Very Large Online Platforms (VLOPs) or Very Large Online Search Engines (VLOSEs), the message is clear: the era of light-touch regulation is over. The ruling validates the DSA’s enforcement framework, empowering the Commission to probe deeply into the core operations of digital services. Companies must now operate under the assumption that any aspect of their DSA compliance could become the subject of a detailed and demanding official inquiry, and that legal challenges to such inquiries face a very high probability of failure.
SOURCE
Source: General Court of the European Union
