The European Commission has agreed to pay a fine of 400 euros to a German citizen following an investigation by the German Federal Commissioner for Data Protection and Freedom of Information (BfDI).
Reason for the fine:
The violation was related to the use of the Matomo analytics tool on the European Commission website.
The tool stored users' IP addresses without proper anonymization, which is contrary to the principles of the GDPR.
This is the first time that an EU institution has paid a fine for violating personal data processing rules.
What does this mean?
**Liability for EU institutions:** EU institutions can now be held liable for violating the GDPR. There have been similar cases before – for example, in 2021, the European Parliament faced criticism over incorrect cookie banners.
**A new wave of technical reviews:** companies must carefully check the analytics tools they use. Even if the service is positioned as “GDPR-compliant”, it is necessary to ensure strict anonymization of the data.
**Symbolic fine vs. real punishment:** The maximum fine for EU institutions under Regulation 2018/1725 is 50,000 euros. This is nowhere near the multi-billion euro sanctions imposed on the private sector, which calls into question the fairness of the regulation.
**Strengthening citizen control:** This case shows that citizens can successfully challenge the practices of even large public institutions. Similar complaints have previously led to litigation, such as the case against the French app TousAntiCovid (2022).
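The strict anonymization called for above can be checked rather than assumed. As an added example (not code from the original article or from the Matomo project), the Python below masks the trailing part of an IP address before storage and audits a constructed sample of stored records, flagging any address that is not masked to the chosen policy; the mask lengths are assumptions picked for illustration.

```python
import ipaddress

# Masking policy (assumption for this example): zero the last IPV4_MASK_BYTES bytes of
# an IPv4 address and the last IPV6_MASK_BITS bits of an IPv6 address before storage.
IPV4_MASK_BYTES = 2
IPV6_MASK_BITS = 80


def anonymize_ip(addr, v4_bytes=IPV4_MASK_BYTES, v6_bits=IPV6_MASK_BITS):
    """Return the address with its trailing bits zeroed, i.e. the form that may be stored."""
    ip = ipaddress.ip_address(addr)
    prefix = 32 - 8 * v4_bytes if ip.version == 4 else 128 - v6_bits
    # The network address of the /prefix network is exactly the masked address.
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def is_anonymized(addr, v4_bytes=IPV4_MASK_BYTES, v6_bits=IPV6_MASK_BITS):
    """True if the stored value already has its trailing bits zeroed.

    A genuine address that happens to end in zeros also passes, so this check can
    only flag records that are definitely unmasked, never prove that masking ran.
    """
    return anonymize_ip(addr, v4_bytes, v6_bits) == str(ipaddress.ip_address(addr))


# Constructed sample of stored visitor records (visit id, IP as stored); not real data.
SAMPLE_VISITS = [
    ("v1", "203.0.0.0"),             # 2 bytes masked: meets policy
    ("v2", "203.0.113.57"),          # stored raw
    ("v3", "198.51.100.0"),          # only 1 byte masked: too precise for the policy
    ("v4", "2001:db8:abcd::"),       # 80 bits masked: meets policy
    ("v5", "2001:db8:abcd:1234::"),  # only 64 bits masked
]


def find_unmasked(records, v4_bytes=IPV4_MASK_BYTES, v6_bits=IPV6_MASK_BITS):
    """Audit stored records; return the ids whose IP is not masked to policy."""
    return [vid for vid, ip in records if not is_anonymized(ip, v4_bytes, v6_bits)]


if __name__ == "__main__":
    for vid, ip in SAMPLE_VISITS:
        print(vid, ip, "->", anonymize_ip(ip))
    print("not masked to policy:", find_unmasked(SAMPLE_VISITS))
```

Run the audit against an export of the analytics database rather than the live tracker: a single flagged row means raw addresses reached storage, regardless of what the tool's settings page claims.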
"Despite the small amount, this event confirms that the regulation applies even to its creators, strengthening citizens' trust in data protection.
However, this raises the issue of double standards: private companies pay billions in fines, while EU institutions get away with symbolic sanctions.
To preserve its reputation, the EU needs to reconsider this imbalance and introduce tougher fines for public authorities and large corporations."
By contacting us, you will receive:
Consultation on GDPR compliance and data protection.
Consultation on the correct use of analytical tools and cookies.
Analysis of risks and vulnerabilities when working with personal data in the EU.
Support in proceedings and filing complaints about GDPR violations.
Development of a compliance strategy covering local and international personal data protection laws.