(AGENPARL) – mer 08 gennaio 2025 PRESS RELEASE No 1/25
Luxembourg, 8 January 2025
Judgment of the General Court in Case T-354/22 | Bindl v Commission
The General Court orders the Commission to pay damages to a visitor to its
‘Conference on the Future of Europe’ website as a result of the transfer of
personal data to the United States
By means of the ‘Sign in with Facebook’ hyperlink displayed on the EU Login webpage, the Commission created
the conditions for transmission of the IP address of the individual concerned to the US undertaking Meta
Platforms
A citizen living in Germany complained that the Commission had infringed his right to the protection of his personal
data when, in 2021 and 2022, he visited the website of the Conference on the Future of Europe, 1 which is managed
by the Commission. Specifically, he had registered for the ‘GoGreen’ event through that website using the
Commission’s EU Login authentication service, having selected the option of signing in using his Facebook account.
According to the individual concerned, during his visits to that website his personal data, including his IP address
and information about his browser and terminal, were transferred to recipients established in the United States.
The data were, he claims, transferred to the US undertaking Amazon Web Services, in its capacity as operator of the
content delivery network Amazon CloudFront, which was used by the website in question. Moreover, when he
registered for the ‘GoGreen’ event using his Facebook account, his personal data were transferred to the US
undertaking Meta Platforms, Inc.
However, according to the individual concerned, the United States do not have an adequate level of protection. He
maintains that those transfers gave rise to a risk of his data being accessed by the US security and intelligence
services. The Commission had not indicated any of the appropriate safeguards that might justify those transfers.
On that basis, he seeks payment of €400 in compensation for the non-material damage which he claims to have
sustained because of the transfers at issue.
He also seeks annulment of the transfers of his personal data, a declaration that the Commission unlawfully failed
to define its position on a request for information and an order that the Commission pay him €800 in compensation
for the non-material damage which he claims to have sustained as a result of the infringement of his right of access
to information.
The General Court dismisses the application for annulment as inadmissible and finds that there is no longer any
need to adjudicate on the claim for a declaration of failure to act. The General Court also dismisses the claim for
damages based on infringement of the right of access to information, finding that there is no non-material damage
as alleged.
As regards the claim for damages based on the disputed transfers of data, the General Court dismisses that claim in
relation to the transfers of data via Amazon CloudFront.
Communications Directorate
Press and Information Unit
curia.europa.eu
The General Court finds that, during one of the connections at issue, data were transferred, according to the
principle of proximity, 3 to a server 4 located in Munich in Germany, rather than to the United States. According to
the contract concluded between the Commission and the Luxembourg undertaking, Amazon Web Services, which
manages Amazon CloudFront, Amazon Web Services was required to ensure that data remain, at rest and in transit,
in Europe.
In the case of another connection, it was the individual concerned who was responsible for its redirection, via the
Amazon CloudFront routing mechanism, to servers in the United States. As a result of a technical adjustment, he
appeared to be located in the United States.
However, as regards that person’s registration for the ‘GoGreen’ event, the General Court finds that, by means of the
‘Sign in with Facebook’ hyperlink displayed on the EU Login webpage, the Commission created the conditions for the