Luxembourg (Brussels Morning Newspaper) – Court of Justice of the European Union ruled that the EU Commission must pay compensation to a user due to improper data transfers to the United States.
The court has ordered the European Commission to pay €400 damages to a website user. It is the ruling based on the unauthorized transfer of personal data to the U.S., thereby violating the EU’s data protection law. The General Court discovers that data were transferred in one of the contested connections; the General Court considers that principle of proximity to a server located in Munich, Germany, rather than to the United States.
In this consideration, as per the agreement concluded between the EU Commission and the Luxembourg undertaking, Amazon Web Services, which handles Amazon CloudFront, Amazon Web Services was responsible for ensuring that data was kept, both at rest and in transit, within Europe.
How was the user’s data transferred to the United States?
A national living in Germany complained that the EU Commission had violated his right to the security of his data when, in 2021 and 2022, he browsed the website of the Conference on the Future of Europe, 1, which the EU Commission operates. Particularly, he had applied for the ‘GoGreen’ event via that website utilizing the Commission’s EU Login authentication service, having set the choice of signing in using his Facebook account.
In accordance with the individual concerned, during his access to that website, his personal data, along with his IP address and details regarding his browser and terminal, were moved to recipients based in the United States. The information was, he asserts, transferred to the US, embarking Amazon Web Services in its ability as operator of the content delivery network Amazon CloudFront, which was utilized by the website in query. By registering with his Facebook account for the ‘GoGreen’ event, he transferred his personal data to Meta Platforms.