In an unprecedented ruling, the EU General Court has ordered the European Commission to pay damages for breaching its own data protection rules. On Wednesday, the court found the Commission guilty of improperly transferring a German citizen’s personal data to the United States without necessary safeguards. The citizen, who had used the “Sign in with Facebook” feature to register for an EU conference, was awarded €400 (£349).
The court determined that the transfer of the user’s IP address to Meta Platforms in the U.S. violated GDPR regulations. The ruling highlights the stringent standards of GDPR, regarded as one of the world’s toughest data privacy laws.
A European Commission spokesperson stated they would “carefully study the Court’s judgment and its implications.” This decision underscores the EU’s commitment to holding institutions and companies accountable for data privacy violations, including major firms like Meta and LinkedIn.