The EU Court of General Jurisdiction has ordered the European Commission to compensate a visitor to its website for the transfer of his personal data to the United States.
This is stated in the court's decision.
A German citizen complained that the EC violated his right to the protection of personal data in 2021 and 2022 when he visited the website of the «Conference on the Future of Europe». The plaintiff registered for the event using the authentication service EU Login. In particular, he selected the option to log in via a Facebook page.
The plaintiff claimed that as a result, his personal data — IP address, information about his browser and terminal — were transferred to the American company Amazon Web Services and the Meta Platform Corporation.
However, according to him, the US does not have an adequate level of protection, so there was a risk that US security and intelligence services would gain access to his data. The claim also stated that the European Commission had not provided any appropriate guarantees that could justify the transfer of data.
The court was asked to approve 400 euros in compensation for non-material damage due to the transfer of data, the cancellation of the transfer of data, and another 800 euros in compensation for moral damage due to the violation of the right to access information.
The court rejected the last two claims. The decision indicates that the European Commission has a contract with Amazon Web Services to store data in Europe.
However, the court recognized that by the hyperlink «Login with Facebook» the European Commission created the conditions for the transfer of his IP address to the American Meta Platforms. There was no EC decision that the United States ensured an adequate level of protection for the personal data of EU citizens.
Yes, the EC did not comply with the conditions set by EU law for the transfer of personal data to a third country. The Court ruled that the European Commission had «committed a sufficiently serious breach» and imposed a fine of €400.