EU Commission Slammed for Data Protection Violations

Reading time: About 1 minute
by
La Commission européenne condamnée pour... violation de la protection des donnéesPin
LinkedInRedditWhatsApp
The European Court of Justice issued a rather unique ruling yesterday, finding the European Commission guilty of violating the EU’s personal data protection laws. The institution must pay a symbolic amount of 400 euros in damages to a German citizen who suffered a data transfer to Meta (the parent company of Facebook) via an official EU website. Yet, the principle behind the decision is what truly stands out!

Amazon co-founder MacKenzie Scott has donated over $19 billion to charity in just five years
Diamond batteries powered by nuclear waste promise 28,000 years of clean energy

What Actually Happened?

The case dates back to 2021 when a German citizen registered for an event through the European Future Conference website, a portal managed by the European Commission. During registration, he chose the Log in with Facebook option, which led to the transfer of some of his personal data to Meta, including his IP address.

He believed this transfer put him at risk due to the inadequate data protections in the United States, where Meta is based. Staying true to his principles, he subsequently filed a lawsuit, seeking 400 euros for the emotional distress suffered (hence the origin of the amount…).

Legal Rulings?

In its verdict, the CJEU confirmed that at the time of the incident, the United States did not have a level of data protection deemed
adequate by EU standards. The Court criticized the European Commission for allowing this transfer through a hyperlink, not adhering to the strict conditions set by European law. According to the Court, this oversight placed the victim in a situation of insecurity regarding the use and processing of his data, causing moral harm sufficient to warrant the ruling.

Beyond the relatively small sum, this decision marks a first in the history of the European Union. It sends a clear message: even European institutions must strictly adhere to data protection rules, as laid out in the GDPR. With this ruling, the CJEU underscores that data transparency and security for EU citizens are non-negotiable obligations, even for community bodies.

NASA warns China could slow Earth’s rotation with one simple move
This dog endured 27 hours of labor and gave birth to a record-breaking number of puppies

This case could pave the way for similar legal actions, further enhancing scrutiny on the respect for digital rights in Europe. In any case, this legal precedent could very well be cited in the future by tech companies in their own legal proceedings.

3.8/5 - (34 votes)

Leave a Comment