On 28 April 2022, the EU Court of Justice (ECJ) issued its judgment in case C-319/20 (Facebook Ireland Limited v Bundesverband der Verbraucherzentralen und Verbraucherverbände - Verbraucherzentrale Bundesverband e.V.) confirming that, under the GDPR, consumer protection associations may pursue personal data infringements, even in the absence of a mandate conferred on them for that purpose, and independently of the infringement of the specific rights of the data subjects, against the person allegedly responsible for an infringement of the laws protecting personal data.