They can't even follow their own rules:
A top court has ordered the European Union's top executive authority to pay €400 (around $410) in damages to a German citizen for breaching its own data protection laws.
In a statement, the EU General Court said the European Commission violated the citizen's rights by transferring some of his personal data to the United States without proper safeguards.
The court said the German citizen registered for a conference, managed by the European Commission, using the "Sign in with Facebook" option on the conference's website. But the citizen said information about his IP address, browser and device were transferred to companies in the United States — namely Amazon, which hosts the conference's website, and Meta, which owns Facebook — which the citizen said violated his rights under the bloc's data privacy rules.
The European Commission committed a "sufficiently serious breach" of the rules that cover the 27 European nations, the EU General Court ruled on Wednesday. Reuters, which first reported the news, said the fine is a first for the European Commission.
The European Union has investigated itself and found ... actual wrongdoing! For the first time ever, the EU has been found to have violated its own privacy rules established by the General Data Protection Regulation (GDPR) and will have to pay a fine, per a ruling handed down by the EU General Court.
The victim of the EU's brazen disregard for the law was a German citizen who used the "Sign in with Facebook" option when registering for a conference through a European Commission webpage. When the user clicked that button, data about their device, browser, and IP address were transferred through a content delivery network managed by Amazon Web Services and eventually found its way to servers operated by Facebook's parent company Meta Platforms in the United States. The court determined this transfer of data took place without proper safeguards, which amounts to a breach of GDPR rules, and the EU was ordered to pay a fine of €400 (about $412) directly to the person who brought the case.
[Source]: GIZMODO
Related Stories
Politico reports:
Hillary Clinton never received training on how to handle classified information. By her own admission, she had little ability to discern whether a document included sensitive information. And when she did handle sensitive materials, she relied on her subordinates to ensure that nothing important was compromised.
Taken together, her responses to questions from FBI [US' Federal Bureau of Investigation] investigators reveal a high-level government executive who apparently had little grasp of the nuances and complexities around the nation's classification system — a blind spot that helped allow classified communications to pass through her private email server.
While Clinton is clear that she never had any intention to mishandle classified documents, a fact that FBI Director James Comey noted as a factor in his decision not to recommend any charges against the former secretary of state, answers she gave to FBI agents during a July 2 interview are likely to reinforce the Republican characterization of her as having been reckless with government secrets.
Bloomberg reports that Clinton Used Eight BlackBerrys, but [the] FBI Couldn't Get Them:
In addition to the eight devices she used as secretary of state, the FBI said there were at least five additional mobile devices they sought as part of their inquiry. Clinton's lawyers said they could not provide any of the mobile devices she used. One person interviewed by the FBI said he recalled two instances in which Clinton's devices were destroyed by "breaking them in half or hitting them with a hammer." The FBI released the summary Friday to provide context on its decision not to recommend prosecution of Clinton or her aides for using the private system. The Democratic presidential nominee was interviewed about her use of private e-mail by FBI agents and federal prosecutors for 3 1/2 hours on July 2. The bureau then recommended that the Justice Department not pursue criminal charges.
(Score: 2, Insightful) by Anonymous Coward on Thursday January 09, @04:46PM
Recognize: there is a *cost* to selling your users out to large mega-corps.
Time the entities who do so start paying that cost.
(Score: 4, Insightful) by looorg on Thursday January 09, @05:22PM (7 children)
So the EU institutes rules, breaks said rules, fines itself. All paid by more tax money from the membership nations. Yay! OK it was only €400. But still. Somehow I don't think the EU as an institution lost any money or any sleep over their transgression. They didn't feel the fine or had to basically adjust or do anything. In that regard lessons learned equal to zero. It was just one number from column A moved over to column B. They are after all already living in fantasy land fueled by burning tax money on crap and constantly trying to grab more and more power for themselves. The Beast from Brussels.
(Score: 5, Insightful) by aafcac on Thursday January 09, @06:11PM (1 child)
The fact that they were willing to fine themselves anything is the big deal. But, we'll have to see if they are more careful about their own compliance in the future.
(Score: 2) by aafcac on Thursday January 09, @06:34PM
Never mind, I think I misread the summary.
(Score: 4, Touché) by JoeMerchant on Thursday January 09, @06:47PM (3 children)
> I don't think the EU as an institution lost any money or any sleep over their transgression. They didn't feel the fine or had to basically adjust or do anything.
I disagree. Far more troubling to them than the fine is the press coverage. By going through the motions of paying the fine they are acknowledging the importance of EVERYONE following the rules and - while unlikely to become instantly perfect from that moment forward - I do believe they will be improving their handling of protected data in the future.
> They are after all already living in fantasy land fueled by burning tax money on crap
We all know they're a branch of government, why are you redundantly restating the obvious?
> constantly trying to grab more and more power for themselves.
Which is why we have transparency, elections, and hopefully those elections are driving for more transparency and keeping power grabs out there with pussy grabs in the realm of "things that elected leaders just don't do..." Well, er, um... yeah.
🌻🌻 [google.com]
(Score: 2) by quietus on Friday January 10, @01:24PM (2 children)
Maybe the press coverage was the aim -- of the European Commission -- here.
What this ruling effectively says is that a government institution within the EU cannot use a non-EU authentication mechanism: the moment you store an IP address of an EU citizen for longer than the duration of his or her session -- on a non-EU server, located in a country which has no safe harbour/data shield agreement with the EU, you're in breach -- and you'll run the risk of serious fines.
What this comes down to is a huge business opportunity for software firms in the EU: the logical conclusion is that all US-based SaaS offerings will become off-limits for EU governments AND businesses, and hence will need an EU version (see also my linky in another post about Office365 becoming problematic).
(Score: 2) by JoeMerchant on Friday January 10, @02:29PM (1 child)
The logical conclusion is that all US-based SaaS offerings will become physically EU hosted for their EU clients.
Small move for a big company, big problem for little startups.
🌻🌻 [google.com]
(Score: 2) by quietus on Friday January 10, @03:03PM
I don't know: remark that the cited problems here are with Facebook [authentication] and Microsoft [cloud storage]: often times big companies have to implement expensive and convoluted solutions to achieve what is trivial for small companies.
It ain't that hard when your database is small -- and its structure is reasonably clear -- to move it onto a cluster of foreign servers. When your database is huge and has had scores of contractors (and managers) working on it -- with the classical extensive, detailed and above all, correct, documentation -- it isn't so easy anymore. You might even forget how your authentication really works, for example [acm.org].
(Score: 3, Insightful) by stormreaver on Friday January 10, @12:46PM
This ruling tells everyone else who attended that a lawsuit will result in a win. If they all sued, it may change behavior.
(Score: 4, Informative) by quietus on Thursday January 09, @08:33PM (1 child)
The European Commission's heavy reliance on Office365 could also be in breach of data privacy rules, according to the EU's own privacy watchdog: it has ordered them to bring their use of Microsoft's software in compliance. [euractiv.com]
(Score: 2) by quietus on Friday January 10, @01:34PM
This is actually very interesting. I was involved with Google Apps installations when they started out -- in the days before GDPR. There was a lot of back-and-forth with the local data protection authority back then (2012), which resulted in Google having to promise in writing that local government's data would be kept on servers within the EU.
If I understand this news correctly -- a big if, as the news is only based on (semi?)leaked internal documents -- this could mean that that promise has become a strict requirement, EU wide: which does not bode well for foreign SaaS offerings.