EU fines EU for breaching EU data protection law

The European Union is fining itself for breaches of its data regulation legislation after it transferred personal data to the US.

Daniel Croft • 14 January 2025 • Big Law

The EU General Court ruled that the EU failed to comply with the General Data Protection Regulation (GDPR) after it transferred the information of a German citizen to the US without following the proper regulations.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Lawyers Weekly. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

The German citizen had logged into the EU login site through the “Sign in with Facebook” option for a conference, resulting in the user’s IP address being transferred to Meta Platforms, which is based in the US.

The EU General Court has ordered that the EU pay €400 (roughly A$665) in damages to the individual for the breach of the GDPR.

“The commission takes note of the judgment and will carefully study the court’s judgment and its implications,” said a European Commission spokesperson.

Under article 45 of the GDPR, data transferred to the US from the EU must ensure an adequate level of protection for personal data.

VIEW ALL

A number of major organisations have previously faced fines for breaches of the GDPR, which is considered one of the most comprehensive pieces of data regulation legislation in the world.

In August, ride-sharing service Uber faced a fine of €290 million (roughly A$477 million) for the exact same reason.

According to the Dutch Data Protection Authority (DPA), Uber had been transferring the personal data of European taxi drivers to the US for over two years without required protections, violating the EU’s General Data Protection Regulation (GDPR).

“In Europe, the GDPR protects the fundamental rights of people by requiring businesses and governments to handle personal data with due care,” said DPA chairman Aleid Wolfsen.

“But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale.

“That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union. Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the US. That is very serious.”

Author’s Note: This article first appeared on Cyber Daily, Lawyers Weekly’s sister brand.

You need to be a member to post comments. Become a member for free today!

Lawyers Weekly - legal news for Australian lawyers

SECTIONS

MORE

EU fines EU for breaching EU data protection law

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED