The European Court fined the EU for violating its own data protection laws

Other news, 10.01.2025, 10:30 AM

The European General Court fined the European Commission, the executive body of the European Union responsible for proposing and implementing laws in the Union, due to violations of the EU’s own data privacy regulations. It is the first time the Commission has been held responsible for breaching strict data protection laws in the region.

The court found that a “sufficiently serious breach” was committed by transferring personal data, including the IP address and web browser metadata of EU users, to Meta’s servers in the United States.

According to the court documents, the German citizen who is the complainant used the Commission’s EU Login authentication service to register for the GoGreen event on the website during visits to the website of the Conference on the Future of Europe managed by the Commission in 2021 and 2022. website of the commission. As a result, the user’s IP address was sent to Meta Platforms’ servers in the United States, as well as web browser and computer information, which, according to the court’s ruling, violated EU data protection regulations.

The court, which hears actions against EU institutions by individuals or member states, agreed with the applicant’s claim that the transfer of his IP address was unlawful and “caused him non-material damage in terms of loss of control over his data” which they could access security and intelligence services of the USA. The court also agreed that the plaintiff’s rights and freedoms were threatened as a result.

“Therefore, the Commission must be ordered to pay the applicant the sum of 400 euros for the non-material damage he suffered as a result of the disputed transfer when signing up for EU Login on March 30, 2022,” the court’s ruling states.

However, the court rejected the applicant’s claim that his data was also transferred to the American company Amazon Web Services, in its capacity as the operator of the Amazon CloudFront content distribution network used by the said website, after it was established that the information was actually hosted on a server located in Munich, Germany.

“The Commission takes note of the judgment and will carefully study the court’s judgment and its implications,” said a Commission spokesman.

The EU’s General Data Protection Regulation, GDPR, is one of the strictest data privacy laws in the world. The fine of 400 euros that the European Commission will have to pay is only a small fraction of the many millions of fines that the EU has imposed on large corporations based on the GDPR, including Amazon, Google and TikTok.

Target is among the biggest GDPR violators. The last fine that was imposed on the company was EUR 91 million, due to the disclosure of passwords in clear text of 600 million Facebook users. In May 2023, Meta was fined €1.2 billion, the largest fine imposed under the GDPR to date, and since the GDPR came into force in 2018, the company has also received several smaller fines, in the amount of several hundred million euros.

Photo: Guillaume PérigoisUnsplash

Source: www.informacija.rs