Is this odd or what? The EU Court ordered the European Commission to pay a fine for sharing an IP Address!

GovInfoSecurity.com reported that “European privacy regulation - bane of American technology companies and a favorite cudgel of activists - came to haunt no less an organization than the European Commission, which must pay 400 euros to an aggrieved German national.”  The January 8, 2025 article entitled “European Court Fines European Commission for Privacy Breach” (https://www.govinfosecurity.com/european-court-fines-european-commission-for-privacy-violation-a-27247?rf=2025-01-09_ENEWS_SUB_GIS__Slot1_ART27247&mkt_tok=MDUxLVpYSS0yMzcAAAGX6teIF_4kajDaT1MatKgkjlPWFiIoe0-E9AczK9vS1h0pQUl3QR_8qe1MUJEKuaV_QcaW78sc1vBcZWzJNpVBkYoIb1s09664R6CTbMwQjZYtCM2spg) included these comments:

…per the Court of Justice of the European Union, which on Wednesday ordered the commission to open its pocketbook for Munich resident Thomas Bindl, who became peeved that Silicon Valley-based Facebook obtained his IP address. Bindl in March 2022 registered for a commission-hosted conference on the future of Europe using his Facebook account, selecting a login option offered by conference organizers.

At the time, Europe lacked a legal framework authorizing commercial data flows to the U.S. Such frameworks, meant to guarantee European privacy rights even while data is stored outside the trade bloc, have sputtered out twice over the past decade in the face of opposition from privacy activists who convinced the Court of Justice of the European Union that they weren't strict enough. The latest version is the EU-U.S. Trans-Atlantic Data Privacy Framework - and it already faces legal challenges. A top European official in 2022 gave it a "7 or 8 out of 10 chance" of surviving.

Turmoil has resulted in periods of commercial data flow legal interregnums, including in March 2022, following a July 2020 ruling by the CJEU invaliding EU-U.S. Privacy Shield, the second attempt at creating a lasting legal basis for trans-Atlantic commercial data flows. Bindl was likely more aware than the average European of the Privacy Shield's fall, since he's founder of the "European Society for Data Protection," a service that refers victims of GDPR violations to attorneys in return for a chunk of the settlement.

The CJEU acknowledged in its judgment that Bindl could have chosen another way to register for the conference besides using his Facebook account, an argument made by European Commission attorneys. Trade bloc residents can create an "EU Login" account for accessing services and not depend on a third party, such as Facebook. If anybody initiated a transfer of data to Facebook, the commission argued, it was Bindl. The German man said Facebook received his IP address, which under European law is considered private data.

Interesting, what do you think?