- European Commission fined for violating the GDPR
- EU General Court imposes fine for failure to protect EU data
- A German citizen received 400 euros
The European Commission has been forced to pay a fine of 400 euros ($412) to a German citizen for violating its own data protection rules.
The German citizen used the “Sign in with Facebook” option on an EU conference registration page, which subsequently sent information about the citizen’s IP address, web browser and device to Meta Platforms and Amazon in the US.
The EU General Court found that the European Commission had transferred personal data to the United States without adequate safeguards, violating the EU’s strict General Data Protection Regulation (GDPR).
The EC violates the GDPR
“The Commission takes note of the ruling and will carefully study the Court’s ruling and its implications,” a Commission spokesperson said (via PakGazette).
The European Union has some of the strongest privacy protections in the world, with GDPR imposing rules on any organization that collects or manages personal data of EU citizens, with the ability to fine the organization up to 4% of its annual turnover if it fails to comply with the rules.
In 2024, Meta was fined $263 million for violating the GDPR in the 2018 Facebook data breach, when attackers abused a bug in the “View as” profile feature to steal access tokens and take over accounts, stealing the data of three million EU citizens.
Meta, continuing its string of annual GDPR violations, was also hit with a record $1.3 billion fine in 2023 for transferring data from the EU to the US, and a $259 million fine in 2022 for failing to protect the data of more than 500 million Facebook users.
The United States does not have any major data privacy regulations, and privacy regulations vary from state to state. The EU has been debating a key piece of legislation, known as the EU Cybersecurity Certification System (EUCS), since 2020.
This legislation would provide a label to cloud computing companies that follow strict cybersecurity and privacy rules, allowing them to process EU data outside the bloc as long as they safeguard the data to the same level required within the EU.