The ECJ has ruled in favor of the local data protection authority in its case against a property website. This ruling may have big implications for international tech firms operating across multiple EU countries.

The ruling read that if a company operates a service in the native language of a country and has representatives there, it can be held accountable by the country’s national data protection agency even without having headquarters in that country. This landmark ruling can change the face of data protection for multinationals operating across EU jurisdictions.

This particular case was filed by the Hungarian data protection agency against property website operating a property advertising service in Hungary, though being headquartered in Slovakia. The European Court of Justice decided that the site could be liable for fines imposed by the Hungarian agency for passing of user data to debt collection agencies, which is against Hungarian data protection laws.

Normally, US tech giants choose to headquarter their European operations in one country (usually Ireland) and are thought to be subject to regulation only within Ireland, while being able to operate in any EU country without having to gain regulatory approval in each. But the implications of this ruling for such tech giants as Facebook or Google could be vast.

That said, a number of cases have already been filed against Facebook over privacy across Europe, for example, in Belgium and Austria, which have argued that the social network has breached their national laws. And the recent ruling could be in data protection agencies’ favor.