By AJ Dellinger Published January 8, 2025 | Comments (1) | GDPR illustration featuring a lock surrounded by the 12 gold stars of the European Union Alain Pitton/NurPhoto via Getty Images The European Union has investigated itself and foundactual wrongdoing! For the first time ever, the EU has been found to have violated its own privacy rules established by the General Data Protection Regulation (GDPR) and will have to pay a fine, per a ruling handed down by the EU General Court. The victim of the EUs brazen disregard for the law was a German citizen who used the Sign in with Facebook option when registering for a conference through a European Commission webpage. When the user clicked that button, data about their device, browser, and IP address were transferred through a content delivery network managed by Amazon Web Services and eventually found its way to servers operated by Facebooks parent company Meta Platforms in the United States. The court determined this transfer of data took place without proper safeguards, which amounts to a breach of GDPR rules, and the EU was ordered to pay a fine of 400 (about $412) directly to the person who brought the case. GDPR, the reason that every website now asks you if youd like to accept cookies, has been a thorn in the sides of tech companies since first going into effect back in 2018. The set of stringent data privacy rules designed to regulate the amount of personal data that companies can collect from users and give individuals more control over how their information is accessed and used has been the impetus for a number of major penalties paid out by Big Tech firmsparticularly Meta.Just last year, Meta got slapped with a $1.3 billion fine for failing to sufficiently protect the data of European users from American intelligence agencies when transferring the data to US servers. Previously, Meta got hit with a $417 million fine under GDPR rules for violating the privacy of underage users on Instagram and $232 million for failing to transparently disclose how it processes WhatsApp data. While Meta isnt alone in getting these slightly pricey wrist slaps (Amazon got itself a $887 million penalty in 2021, for example), its fitting that it was a Facebook login option that got the EU in hot water with itself.GDPR has been a bit of a mixed bag since its implementation. Its undoubtedly grabbed some headlines with major fines aimed at Silicon Valley giants. But enforcement can take forevereven the EUs first self-imposed fine for violating one persons privacy took over two years to process. More than three in four data protection authorities have complained of a lack of budget and personnel to track down violations, and there is plenty of evidence to suggest that the byzantine list of laws has not actually done much to curb the invasive practices of surveillance capitalism. The EU has some work to do. Maybe it can start by following its own rules.Daily NewsletterYou May Also Like By Lucas Ropek Published January 8, 2025 By Todd Feathers Published October 29, 2024 Tech NewsTech Policy European Courts Find U.S. Cant Be Trusted to Process and Store Data By Shoshana Wodinsky Published July 16, 2020 Tech NewsPrivacy and Security European Authorities Ban Dirty Cookie Practices in GDPR Update By Shoshana Wodinsky Published May 6, 2020