Reed The General Court of Europe ruled that the European Commission must pay a fine of 400 euros for the illegal transfer of data of German citizens to the United States.
In 2022, a German citizen used his Facebook account to go to the EU Council website and register for a meeting. As a result, the user’s IP address was transferred to Meta Platforms in the US, which is a violation of the data protection rules set out in the GDPR. The court ruled that this case caused “immaterial damage in the form of loss of control over one’s own data” and deprived citizens of their basic rights and freedoms.
The commission is obliged to pay 400 euros in compensation. At the same time, the court rejected another part of the lawsuit, which related to the transfer of data to Amazon Cloudfront servers in the United States, because it was proved that these servers were physically located in Munich, Germany. A representative of the European Commission said that it will carefully study the consequences of this court decision. The EU General Data Protection Regulation (GDPR) is one of the strictest data protection laws in the world. Although the fine is small compared to the hundreds of millions of euros the EU has imposed on companies such as Amazon, Google and TikTok, it is significant as it is the first time the European Commission itself has fined Meta.
This case highlights the importance of compliance with data protection rules, even for public authorities. The European Commission, as one of the main implementers of the GDPR, is currently under the scrutiny of the public and regulatory authorities. Further study of this case law may lead to new changes in data protection policy in the EU.