European Commission ordered to pay €400 in damages for using Facebook login authentication

The Court of Justice of the European Union has determined that the European Commission must pay a German national €400 in damages, because his data was shared with Meta when he logged into an event using the ‘Sign in with Facebook’ hyperlink.
The case revolves around an event called the Conference on the Future of Europe, which was managed by the European Commission. In order to participate in the ‘GoGreen’ event, a citizen living in Germany had to sign in. To do so, he used Meta’s ‘Sign in with Facebook’ button.
However, by using this hyperlink his personal information, including his IP address and information about his browser and terminal, was transferred to servers of Amazon and Meta in the United States.
The concerned individual argued that the US doesn’t have an adequate level of protection. By transferring his information to the US, it’s now at risk of being accessed by the US security and intelligence services.
According to the German national, the European Commission hadn’t made it clear whether protective measures had been taken to eliminate any privacy issues, even though the Commission was required to do so.
Because of this, the plaintiff sought €400 in damages for the non-material damage he claimed to have sustained because of the transfer.
The Court of Justice of the European Union agrees with the German citizen. According to the Court, the European Commission created the conditions for the transmission of his IP address to Facebook.
“At the time of the transfer, on 30 March 2022, there was no Commission decision finding that the United States ensured an adequate level of protection for the personal data of EU citizens. Furthermore, the Commission has neither demonstrated nor claimed that there was an appropriate safeguard, in particular a standard data protection clause or contractual clause,” the verdict of the Court says.
“The displaying of the ‘Sign in with Facebook’ hyperlink on the EU Login website was entirely governed by the general terms and conditions of the Facebook platform. The Commission did not, therefore, comply with the conditions set by EU law for the transfer by an EU institution, body, office or agency of personal data to a third country,” the Court adds.
Therefore, the European Commission has to pay the plaintiff €400 for suffering non-material damage.
“The Commission takes note of the judgment and will carefully study the Court’s judgment and its implications,” a spokesperson of the European Commission told Reuters.
Your email address will not be published. Required fields are marked