EU Commission Faces Data Privacy Lawsuit

A lawsuit before the General Court of the European Union claims that the European Commission failed to disclose a data breach properly to EU citizens. The alleged breach occurred when the website Conference of the Future of Europe registered people for an event on its website using Amazon Web Services, which automatically transfers personal information such as the IP address to the U.S. That is ipso facto a violation of the Schrems II verdict issued in July 2020 that prevents businesses from carrying out basic data transfers to non-EU countries. Additionally, the EU Commission’s website allegedly let users log in through their Facebook accounts, a further violation of Schrems II. Facebook and Amazon are not defendants, but it is assumed that the EU commission will include documents from Amazon in its response. Facebook is under investigation by the Irish Data Protection Commissioner for illegally transferring personal data to the U.S.