Login
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUM MEDIA
The European Union is fining itself for breaches of its data regulation legislation after it transferred personal data to the US.
The EU General Court ruled that the EU failed to comply with the General Data Protection Regulation (GDPR) after it transferred the information of a German citizen to the US without following the proper regulations.
The German citizen had logged into the EU login site through the “Sign in with Facebook” option for a conference, resulting in the user’s IP address being transferred to Meta Platforms, which is based in the US.
The EU General Court has ordered that the EU pay €400 (roughly A$665) in damages to the individual for the breach of the GDPR.
“The commission takes note of the judgment and will carefully study the court’s judgment and its implications,” said a European Commission spokesperson.
Under article 45 of the GDPR, data transferred to the US from the EU must ensure an adequate level of protection for personal data.
A number of major organisations have previously faced fines for breaches of the GDPR, which is considered one of the most comprehensive pieces of data regulation legislation in the world.
In August, ride-sharing service Uber faced a fine of €290 million (roughly A$477 million) for the exact same reason.
According to the Dutch Data Protection Authority (DPA), Uber had been transferring the personal data of European taxi drivers to the US for over two years without required protections, violating the EU’s General Data Protection Regulation (GDPR).
“In Europe, the GDPR protects the fundamental rights of people by requiring businesses and governments to handle personal data with due care,” said DPA chairman Aleid Wolfsen.
“But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale.
“That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union. Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the US. That is very serious.”
Author’s Note: This article first appeared on Cyber Daily, Lawyers Weekly’s sister brand.
We're evolving — and so should your insights. Heads up — Lawyers Weekly is going premium from 1 May for just $5 a month. Stay informed without missing a beat. More information coming soon.
Get breaking news
Daniel Croft
