E.U. Commission Faces €400 Fine Over Mishandling of Citizen's Personal Data

The European Commission was fined by the European General Court. This is the first time in history that the EU's executive body has been held responsible under its strict data privacy rules. Personal information about a German individual, such as their IP address and web browser metadata, was sent to Meta's servers in the U.S. while they used the now-defunct futureu.europa[.]eu website in March 2022. This led to the case.

The court said that the Commission had committed a "sufficiently serious breach" when it let personal information be sent through its "Sign in with Facebook" option. The person who sent the complaint said that this transfer put their data at risk of being accessed by U.S. intelligence agencies, which is a big problem according to E.U. data security rules.

Notably, the court didn't believe the claims that data was sent to Amazon CloudFront computers; instead, it confirmed that the data was stored in Munich, Germany. It did say, though, that the U.S. did not have enough data protection compared to the E.U. at the time of the transfer and did not have the right measures in place, such as standard data protection clauses.

Article 46 of Regulation 2018/1725, which controls how E.U. institutions send and receive data, said that the Commission had to pay the complainant €400 ($412) in penalties because of the breach. This decision shows how important it is to protect privacy, even for institutions in the European Union, and it sets a standard for responsibility.

Source : The Hacker News