EU Court orders damages for data breach by Commission
A German citizen wins the case on data privacy violation.
In a landmark decision, the EU General Court ruled on Wednesday that the European Commission must pay €400 ($412) in damages to a German citizen for violating data protection laws. The case marks the first time the Commission has been held liable for failing to comply with its data regulations.
The court found that the Commission improperly transferred the citizen’s personal data, including an IP address, to Meta Platforms in the United States without adequate safeguards. The breach occurred when the individual used the ‘Sign in with Facebook’ option on the EU login webpage to register for a conference.
The Commission acknowledged the ruling, stating it would review the judgment and its implications. The decision underscores the robust enforcement of the EU’s General Data Protection Regulation (GDPR), which has led to significant penalties against major firms like Meta, LinkedIn, and Klarna for non-compliance.