EU Court of Justice Fines EU €400 for Breach of EU Data Protection Laws After German Citizen’s Lawsuit

For the first time in history, the General Court of the European Union has ruled that the European Commission must pay damages to a German citizen for failing to comply with its own data protection laws.

In his lawsuit, the German citizen complains that the Commission violated his right to protection of his personal data when he visited the website of the Future of Europe Conference online in 2021 and 2022. 

The Future of Europe website is operated by the Commission. The citizen has registered on this website to participate in the GoGreen event by using the Commission's EU Login authentication service and choosing the option to connect using his Facebook account.

The person concerned believes that, during his visit to this website, personal data belonging to him was transmitted to recipients established in the United States, in particular his IP address, as well as information about his browser and his computer. 

On this basis, he claimed EUR 400 in compensation for non-pecuniary damage he allegedly suffered as a result. He also demanded that the transfer of his personal data be cancelled and that the Commission be ordered to pay him EUR 800 in compensation for non-pecuniary damage suffered as a result of the breach of his right to access his personal data.

A court hearing cases against EU institutions found that this transfer of the IP address of a Meta Platforms user to the US violated EU data protection rules and ordered it to pay him €400 in compensation.