Makes me wonder where the fines go to 🤔
TLDR: On the web-pages of the European Commission, you could sign up for an event. There existed the option to sign up with Facebook. On one occasion, this led to a connection with servers in the US. That is interpreted as a transfer of personal data. Since this is a transfer of personal data outside the EU, beyond the reach of the GDPR, this requires special handling. (I'm not sure why this request was routed via the US.)
This is probably surprising to many. There is a myth out there that it is enough not to collect personal data. But you also are responsible if data is collected by other parties to which you link on a site. This is a potential problem for Lemmy instances. Of course, instances also share data via federation, which should not be done without a contract, especially outside the EU.
That's what the Rule of Law looks like 🤷‍♀️
If I get this correctly, this outcome will speed up and strengthen privacy protection.
Am not sure how to read what happened though; whether the EU gave Meta the info, or that the data was handed automatically to Meta because the citizen enrolled via Facebook. Either way, the EU should have safeguarded the citizen's privacy, it seems.
Question: What happens when the EU fines itself? Like who pays money to who?
The EU pays damages to some German guy, since their government site transferred his data to Facebook without permission.
Press release from the court with link to full judgement: https://curia.europa.eu/jcms/upload/docs/application/pdf/2025-01/cp250001en.pdf
Tnx, I found it helpful:
tl;dr: The EU must safeguard under all circumstances the privacy of EU citizens and should do so actively.
"However, as regards that person’s registration for the ‘GoGreen’ event, the General Court finds that, by means of the ‘Sign in with Facebook’ hyperlink displayed on the EU Login webpage, the Commission created the conditions for the transmission of his IP address to Facebook. That IP address constitutes personal data which, by means of that hyperlink, were transmitted to Meta Platforms, an undertaking established in the United States. That transfer must be imputed to the Commission.
At the time of that transfer, on 30 March 2022, there was no Commission decision finding that the United States ensured an adequate level of protection for the personal data of EU citizens. Furthermore, the Commission has neither demonstrated nor claimed that there was an appropriate safeguard, in particular a standard data protection clause or contractual clause. The displaying of the ‘Sign in with Facebook’ hyperlink on the EU Login website was entirely governed by the general terms and conditions of the Facebook platform. The Commission did not, therefore, comply with the conditions set by EU law for the transfer by an EU institution, body, office or agency of personal data to a third country."
That's not how I would sum it up. You understand that lemmy is also in violation, yes?
You understand that lemmy is also in violation, yes?
Do you mean below mentioned issue?
Lemmy@World instance servers are in the EU. I think in The Netherlands, so they must comply. On the other hand it's federated, so messages are copied. Lemmy isn't as big a platform as Meta, so the rules are less strict, iirc.
As far as I understand it, with federation only your username and the content of your posts and comments is transferred to other instances, which is not personally identifiable information.
On the other hand it’s federated, so messages are copied.
Yes, personal data. That's a problem. And when that data is copied to the US, then it's a problem similar to what got the EC fined here.
Lemmy isn’t as big a platform as Meta, so the rules are less strict, iirc.
Not quite. GDPR applies equally to everyone. There are some finer points, but that didn't matter in this case.
Not quite. GDPR applies equally to everyone. There are some finer points, but that didn't matter in this case.
True that, the "G" in GDPR (General Data Protection Regulation) means everyone must abide.
So while Lemmy doesn't fall in DSA (Digital Service Act), it still needs to comply with GDPR. For more info: Similarities and Differences between the GDPR and Other European Laws
A small platform like Lemmy is exempt from much of the DSA but far from all of it.
Lemmy is too small of a fish for prosecution to make sense