In a historic first for the EU General Court, it has ruled that the European Commission must pay damages to a German citizen, after the EC failed to comply with its own data protection regulations.
The German citizen had signed in via Facebook on a EU login webpage, in order to register for a conference.
The court confirmed that the user’s IP address, and similar personal data like browser data, was transferred Meta Platforms in the USA without appropriate safeguarding measures, therefore violating EU data protection rules.
The website in question was futureu.europa[.]eu, currently inactive.
The user further accused that their data was also transferred to Amazon CloudFront servers, in the US too, but this was dismissed after it was determined that the information was hosted on a Munich-based server.
They received 400 euros in damages — a minor sum, likely appropriate to the lack of real consequences triggered by the error, but it demonstrated to the world that the legal system respects rule of law, in which no entity is above the law itself.
Europe’s General Data Protection Regulation (GDPR) is known to be the most comprehensive and harsh data privacy law in the world, points out Reuters.
It’s not the first time that Meta has been fined by the EU.
