EU Court Fines European Commission for Violating Its Own Data Protection Law

The General Court of the European Union has fined the European Commission €400 for breaching data protection rules under the General Data Protection Regulation (GDPR)—marking the first time the body responsible for enforcing GDPR has been found guilty of violating it.

The case originated when a German citizen used the "Login via Facebook" option to register for an event organized by the Commission. As a result, their personal data, including IP address, browser details, and device information, was transferred to Amazon and Meta without proper safeguards.

The court ruled this a serious violation of GDPR, which applies across all 27 EU countries. The €400 fine will be paid as compensation to the affected individual.

The ruling also criticized the European Commission's failure to implement adequate data protection measures for cross-border data transfers, undermining trust in the EU's data governance framework.