In a first, EU Court fines EU for breaching own data protection law

BRUSSELS — In a first, the EU General Court ruled on Wednesday (Jan 8) that the European Commission must pay damages to a German citizen for failing to comply with its own data protection regulations.

The court determined that the Commission transferred the citizen's personal data to the United States without proper safeguards and ordered it to pay him 400 euros (S$564) in damages.

The individual had used the "Sign in with Facebook" option on the EU login webpage to register for a conference. The court, which hears actions taken against EU institutions, found that this transfer of the user's IP address to Meta Platforms in the US violated EU data protection rules.

"The Commission takes note of the judgement and will carefully study the Court's judgement and its implications," a Commission spokesperson said.

Europe's General Data Protection Regulation (GDPR) is widely regarded as one of the most comprehensive and stringent data privacy laws in the world. Major companies such as Klarna, Meta, LinkedIn and others have faced significant fines from the EU for non-compliance.

[[nid:713104]]