- European Commission fined for breaking GDPR
- EU General Court levies fine for failing to protect EU data
- A German citizen was paid 400 euros
The European Commission has been forced to pay a 400 euro ($412) fine to a German citizen for breaking its own data protection regulations.
The German citizen used a “Sign in with Facebook” option on an EU conference registration page which subsequently sent information on the citizens’ IP address, web browser, and device to Meta Platforms and Amazon in the US.
The EU General Court concluded the European Commission had transferred personal data to the United States without proper safeguards, violating the EU’s stringent General Data Protection Regulation (GDPR).
EC violates GDPR
“The Commission takes note of the judgment and will carefully study the Court’s judgment and its implications,” a Commission spokesperson said (via Reuters).
The European Union has some of the strongest privacy protections in the world, with GDPR imposing rules on any organization that collects or manages personal data of EU citizens, with the ability to fine the organization up to 4% of their annual turnover in the event that they breach the regulations.
In 2024, Meta was hit by a $263 million fine for breaching GDPR in the 2018 Facebook data breach when the data on three million EU citizens was stolen by attackers who abused a bug in the “View as” profile function to steal access tokens and take over accounts.
Meta, continuing its string of annual GDPR violations, was also hit by a record $1.3 billion fine in 2023 for transferring EU data to the US, and a $259 million fine in 2022 for failing to protect the data of more than half a billion Facebook users.
The US does not have any principal data privacy regulations, with privacy regulations varying from state to state. The EU has been debating a key piece of legislation, known as the EU Cybersecurity Certification Scheme (EUCS), since 2020.
This legislation would provide a label to cloud computing companies that follow robust cybersecurity and privacy regulations, enabling them to process EU data outside of the bloc provided they safeguard the data to the same level required inside the EU.
Leave a comment