EU Ordered by European Court to Pay Compensation for GDPR Violation
The General Data Protection Regulation (GDPR) of the European Union is recognized as the most comprehensive and stringent data privacy law worldwide. Several major tech companies have faced investigations and hefty fines from the EU for GDPR violations.
However, it appears that in some instances, the EU itself (referring to its official institutions, specifically the European Commission) has failed to adequately protect citizens' privacy data, thus breaching GDPR provisions.
This Wednesday, for the first time, the General Court of the European Union ruled that the European Commission must pay a German citizen 400 euros in compensation. The reason being the official EU website's login page offered the option to log in using Facebook, which this German citizen used to register for a conference.
The General Court of the European Union, which oversaw this lawsuit, noted that the option provided by the European Commission resulted in the user's IP address being transmitted to Meta Group in the US, thereby violating GDPR regulations.
Indeed, logging in with Facebook requires entering the Facebook account and password, which does indeed record the user's IP address and other necessary information, hence the European Commission did indeed violate GDPR provisions.
Following the verdict, a spokesperson for the European Commission stated they had taken note of the decision and would closely examine the court's ruling and its potential implications.