The EU fines itself for breaching its own data protection laws

by | Jan 13, 2025 | E-commerce News

The EU General Court ruled on Wednesday that the European Commission must pay damages to a German citizen for failing to comply with its own data protection regulations.

The court determined that the Commission transferred the citizen's personal data to the US without proper safeguards and ordered it to pay him 400 in damages. 

Here's what happened:

  • Back in 2022, a man used the “Sign in with Facebook” option on the EU login site to register for the “Conference on the Future of Europe.”
  • The login transferred his IP address to Meta in the US, violating EU data protection rules which state that users' personal info can only be transferred outside the EU when those jurisdictions have been found to have equivalent safeguards to those in Europe. At the time, the EU had not assigned that status to the US.
  • The court concluded that the action constituted a “sufficiently serious breach” of the rules, and warranted a financial penalty (albeit a small one).
  • However the court rejected the man's second claim of €800 for infringing his right to access information when the Commission failed to reply to his request about the data transfer.

A Commission spokesperson said, “The Commission takes note of the judgment and will carefully study the Court's judgment and its implications.”

I've got to hand it to the EU on this one. Way to set an example that no-one's above the law!

Never miss important e-commerce news

Our weekly newsletter is read each week by 15,000+ e-commerce professionals.

Loading...