A picture of a man covering his face with the imprint of the European Union Stars for the concept.
Credit: Shutterstock, Gwoeii
The EU has broken its own data protection laws and has subsequently been found guilty and fined. In a twist worthy of House of Cards – if House of Cards were a comedy starring Will Ferrel – the EU General Court has turned the tables on its own, fining the European Commission €400 (£345) for flouting the very data protection laws it’s famous for enforcing. Yes, you read that right – the watchdog got caught without its leash!
The ruling, delivered Wednesday, January 8, marks a historic first. A German citizen, who innocently clicked ‘Sign in with Facebook’ while registering for an EU conference, ended up exposing the Commission’s questionable data practices. The enthusiastic user’s IP address was whisked away to Meta Platforms in the U.S., in clear violation of the EU’s stringent General Data Protection Regulation (GDPR). T
From watchdog to lawbreakers
The EU Commission, which often dishes out hefty fines to corporate giants like Meta, Klarna, and LinkedIn for GDPR breaches, and stresses small businesses out something silly with its constant requirements, found itself on the receiving end this time. The court ruled that the Commission had failed to put proper safeguards in place before transferring personal data overseas.
And the price tag for this blunder? A relatively modest €400 in damages for the citizen whose data was mishandled. It might be a drop in the ocean for the EU’s budget, but the comedy value? Priceless.
‘We’ll study the implications,’ says Commission
The European Commission’s spokesperson, clearly caught on the back foot, said: “The Commission takes note of the judgment and will carefully study the Court’s judgment and its implications.” Translation? A red-faced passive-aggressive meeting is likely on the agenda.
GDPR: World-class privacy laws under scrutiny
Europe’s GDPR is hailed globally as the gold standard in data privacy. But this case has highlighted the irony of the very institution responsible for upholding these laws tripping over them. It’s not the first time GDPR has made headlines – major corporations have faced multi-million-euro penalties. But now, it’s the enforcer that’s been fined, and you can bet there’ll be plenty of smirks in corporate boardrooms worldwide. The question on everybody’s lips is; how can the EU expect small and medium-sized businesses to abide by the laws that they themselves can’t keep track of?
The bigger picture for data privacy laws
While €400 might not seem like much, this ruling could set a precedent. The EU’s own institutions are now under the microscope, proving that no one – not even the big bosses in the gloomy depths of Brussels – is above the law.
Stay tuned for more.
Read more news in English from around Spain.
Read more news in English from around Europe.
