EU court ‘fines’ European Commission for violating data privacy rules – Times of India

A court in the European Union (EU) has sent a strong message on data protection to the European Commission (EC). In what can be termed as a landmark ruling, the EU General Court has ordered the Commission to pay damages to a German citizen for violating the bloc’s own data protection rules.
The court ordered the Commission to pay 400 euros ($412) in damages to the individual. While the fine is small, the decision is significant because it marks the first time an EU institution has been held financially liable for breaching the General Data Protection Regulation (GDPR).

Why EU court has fined the commission

The case stemmed from the citizen’s use of the “Sign in with Facebook” option on an EU webpage to register for a conference. The court found that the Commission transferred the user’s IP address to Facebook parent company Meta Platforms in the US.
This transfer essentially violated the GDPR regulations, as it lacked adequate safeguards for personal data. The GDPR – the first of its kind – is considered one of the world’s strongest data privacy laws, and major companies like Klarna, Meta and LinkedIn have faced hefty fines for non-compliance.
In 2023, Ireland’s Data Protection Commission fined Meta a record 1.2 billion euros ($1.3 billion) for violating EU privacy laws by transferring the personal data of Facebook users to servers in the US, thereby violating EU’s data protection rules (GDPR).
It also ordered the company to stop transferring data collected from Facebook users in Europe to the US. Regulators also said Meta failed to comply with a 2020 decision by the EU’s highest court that user data in the US was not sufficiently protected from American spy agencies.