Luxembourg: Facebook Inc. could be in the firing line of data privacy regulators across the European Union if the bloc’s top court follows the opinion of an adviser who said the social media giant may be policed by authorities in the country where users are based.

Yves Bot, an advocate general of the EU Court of Justice, said Tuesday that national watchdogs spread across the 28-nation bloc could in some cases have power to take direct action against Facebook when they suspect illegal data processing has taken place — even though its EU base is in Ireland.

The case, which concerns a German dispute over a “fan page" set up on Facebook by a local user, could end up having wide effects and refute the US company’s long-held view that the Irish privacy regulator is the only watchdog with a say over its data processing in Europe.

The German case is one of many clashes between the Menlo Park, California-based and national authorities. Belgium’s privacy regulator told a court this month that the company was engaged in “unprecedented in monitoring the browsing habits" of millions of people.

Facebook said in a statement that “we respectfully disagree with the Advocate General and await the European Court’s decision."

The Luxembourg-based court’s ruling, which usually comes 4 to 6 months after an opinion, would be binding and become law across the EU.

A new EU privacy law that will take effect in May 2018 will give national regulators the power to fine companies as much as 4% of their global annual sales for violations. It will also put some regulators in charge of companies having a base in their territory.

The Advocate General in his opinion Tuesday said the court should disregard this law change as far as the case at issue was concerned, given that the changes aren’t yet in force. Bloomberg