BRUSSELS: In a first, the EU General Court ruled today that the European Commission must pay damages to a German citizen for failing to comply with its own data protection regulations.
The court determined that the commission transferred the citizen’s personal data to the US without proper safeguards and ordered it to pay him €400 in damages.
The individual had used the “Sign in with Facebook” option on the EU login webpage to register for a conference.
The court, which hears actions taken against EU institutions, found that this transfer of the user’s IP address to Meta Platforms in the US violated EU data protection rules.
Europe’s General Data Protection Regulation (GDPR) is widely regarded as one of the most comprehensive and stringent data privacy laws in the world.
Major companies such as Klarna, Meta, LinkedIn and others have faced significant fines from the EU for non-compliance.