A recent decision of the EU General Court categorically held the European Commission guilty of flouting EU data protection rules. This case is the first in which an EU institution has been penalised for breaching the tough measures provided for in the GDPR. It shows how even governing bodies of the European Union fail to observe privacy laws when making decisions.
EU Court Orders Commission to Pay for Data Privacy Breach
The Commission was held to have transferred a German citizen’s personal data to the United States without applying suitable protections, contrary to the requirements of Article 44. This action contravened the cross-border transfer provisions of the GDPR, which seek to protect data rights and freedoms across borders.
For this reason, the court ordered the European Commission to pay 400 euros (approximately $412) in compensation to the citizen concerned. While the sum is not large, the decision is highly important, as it sets a precedent for holding EU institutions to the GDPR’s responsibilities.
This case demonstrates that data protection rules, including those that apply to social networks, have to be followed, and that data handling must be transparent. It also sends a strong message that the EU backs privacy, especially when it comes to enforcing its laws on its own institutions.
The decision also puts more pressure on other EU bodies to pay even more attention to how they process data. It is a reminder that the GDPR has no exemptions even where government institutions are involved, which in effect means that all organizations are held to the same level of accountability.
EU Court Rules Facebook Login Violated Data Privacy Laws
The use of the ‘Sign in with Facebook’ button on the EU Login website has been found by the EU General Court to be against EU data protection laws. The decision is based on a case where a German citizen’s IP address was passed on to Meta Platforms in the United States during registration for a conference organized in the EU.
In the court’s view, this transfer of personal data was not conducted in full compliance with the stringent provisions of the General Data Protection Regulation (GDPR). According to EU law, there have to be adequate measures in place to protect data transferred to non-EU countries, including protection of the user’s privacy.
This judgment underscores the principle that EU institutions are equally obligated to respect the data protection rules they impose on others. By transferring citizens’ data without proper measures, the EU itself failed to provide adequate protection, and the regulations did not meet their goal as intended.
The subject of this action was granted damages amounting to 400 euros (approximately 412 US dollars). The financial penalty of 703,000 euros, while seemingly a mere drop in the ocean, underscores one of the main impacts of the case, which is the fact that EU institutions are not immune to the dictates of the GDPR.
This landmark ruling also means that third-party services like “Sign in with Facebook” are dangerous if incorporated in the official EU website. It sends a clear message to both public and private organisations to seriously scrutinize their data sharing procedures to prevent such infringements.
EU Court Ruling Highlights Accountability Under GDPR
The European Commission has said it will study a recent judgment of the EU General Court, which ruled that the Commission had violated its own data protection legislation. The case can be discussed in terms of EU institutions’ lack of responsibility under the General Data Protection Regulation (GDPR).
The GDPR has been referred to internationally as one of the world’s toughest data protection regulations. It imposes rigorous rules on corporations and organizations that do business in the EU, forcing them to safeguard consumer information and be as clear as they can about how they use data.
Large companies such as Meta, LinkedIn and Klarna have been fined tens of millions of euros for GDPR infringements. While this recent ruling is one of the few in which an EU institution has been penalized for its non-compliance, we see this as a good case of President Barroso making a good point on the application of the law to one EU institution by another EU institution.
The verdict of the General Court also reveals that the EU is very strict about the actions of all organizations, including its executives, with regard to the GDPR. It also emphasizes the risks that institutions can experience when using third-party tools and services, for example social login options, as these lead to privacy invasion.
Reflecting on the GDPR aspects of this judgment, the Commission recalls that it too has to act within the framework of the regulation. This case is going to provide a wake-up call for the public and private sectors to pay closer attention to data and to reform their practices.