The EU General Court has fined the European Commission to pay damages to a German citizen after failing to comply with the General Data Protection Regulation (GDPR), its data protection program. The EU now owes 400 euros ($412) to the citizen in question for transferring their data to the United States without proper safeguards.
The individual had used the “Sign in with Facebook” option on the EU login page to register for a conference. The option allows users to use their existing login credentials from a social media platform or otherwise to sign up for new websites without having to create a unique username and password during account creation.
However, once the option was used, the website sent the user’s IP address, web browser, and device details to Meta and Amazon platforms based in the US. The court ruled that this transfer of information was made without the proper safeguards in place, resulting in the fine. “The Commission takes note of the judgment and will carefully study the Court’s judgment and its implications,” a Commission spokesperson told Reuters.
This is the first time the EU has been caught breaking its own data protection rules, widely considered one of the most comprehensive and strict data privacy laws worldwide.
Another key legislative piece in data privacy, known as the EU Cybersecurity Certification Scheme (EUCS) is being debated since 2020, providing secure cloud computing companies a way to process the bloc’s data outside of its borders provided it matches up its data security standards.
It has also enforced heavy fines on tech giants in the past, especially on social media platforms like Facebook, Instagram, and even Apple or Google, for infringing on the GDPR and not protecting user privacy. Meta has received fines for three years in a row, getting fined in 2024, 2023, and 2022 for $263 million, $1.3 billion, and $259 million, respectively.
In the News: Phishing attack targets PayPal users with authentic-looking emails