Table of Contents
January 10, 2025
|3m
EU Court Orders Commission to Pay Fine for Data Privacy Breach
The European General Court has issued a landmark ruling, fining the European Commission for violating its own data privacy regulations by transferring a German citizen's personal data to the United States without appropriate safeguards.
The court determined that the Commission committed a "sufficiently serious breach" of data protection rules when it enabled the transfer of the individual's personal data to Meta Platforms during a login process on the Conference on the Future of Europe website in March 2022.
Specifically, the Commission created conditions for transmitting the user's IP address to Meta through a "Sign in with Facebook" option on the EU Login webpage. At the time of the transfer, no adequacy decision existed for data transfers to the United States, and the Commission failed to provide appropriate safeguards for the data transfer.
The court found that the Commission did not demonstrate any standard data protection clauses or contractual arrangements that would protect the user's personal information when transferred to a third country. This violation directly contravened Article 46 of Regulation 2018/1725, which governs data transfers by EU institutions.
As compensation, the court ordered the Commission to pay €400 to the applicant for the non-material damage sustained. This represents the first time the EU's executive body has been held financially liable for breaching its own data privacy regulations.
The ruling highlights the stringent approach the EU is taking to protect personal data, even within its own institutional framework. It serves as a clear warning to EU institutions about the importance of maintaining robust data protection measures, particularly when transferring information to countries without adequate data protection standards.
While the monetary penalty is relatively small, the symbolic significance of the judgment is substantial. It demonstrates that no institution is above the data privacy laws that the EU has worked to establish and enforce across its member states and beyond.
The case underscores the ongoing challenges of international data transfers, especially in the context of differing privacy standards between the EU and the United States. It also reinforces the EU's commitment to protecting individual privacy rights in the digital age.
Found this article interesting? Keep visit thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive tips like this.
You may also like these articles: Here are the 5 most contextually relevant blog posts:
What is Personal Information? And, How to Protect Personal Information?
List of Federal and State Data Privacy Laws in the United States
FTC Cracks Down on Major Data Brokers Banned from Selling Sensitive Location Data
HHS Proposes Strict Cybersecurity Rules for Healthcare Data Protection
India Passed Digital Personal Data Protection Bill (DPDPB)- What Does it Mean for a Common Man?
Anthony Denis
Anthony Denis a Security News Reporter with a Bachelor's in Business Computer Application. Drawing from a decade of digital media marketing experience and two years of freelance writing, he brings technical expertise to cybersecurity journalism. His background in IT, content creation, and social media management enables him to deliver complex security topics with clarity and insight.
