In response to the Belgian Court of Appeal’s request for a preliminary ruling concerning the application of the “one-stop-shop” mechanism, the Court of Justice of the European Union (CJEU) ruled that:
1. Under certain conditions, a national supervisory authority might exercise its power to bring any alleged infringement of the GDPR before a Member State court, even though that authority is not the lead supervisory authority.
2. The supervisory authority of a Member State, not the lead supervisory authority concerning an instance of cross-border data processing, may bring any alleged infringement of the GDPR before a court of that State and initiate or engage in legal proceedings.
You can find the judgment here: https://curia.europa.eu/juris/document/document.jsf;jsessionid=F1F261469DD0D27B1AA2D205BA6A94EE?text=&docid=242821&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=779073
More information about the Facebook case here: https://fortune.com/2021/06/15/cjeu-facebook-ireland-belgium-gdpr-lead-authority/