A major court has ordered the highest executive authority of the European Union to pay €400 (about $410) in damages to a German citizen for violating its own data protection laws. The EU General Court stated that the European Commission breached the citizen’s rights by transferring some of his personal data to the United States without proper safeguards.

According to the court, the German citizen signed up for a conference organized by the European Commission, using the “Sign in with Facebook” option on the conference’s website. However, the citizen claimed that his IP address, browser, and device information were sent to companies in the United States, specifically Amazon (which hosts the conference’s website) and Meta (Facebook’s owner), violating his rights under the EU’s data privacy regulations.

The EU General Court ruled on Wednesday that the European Commission had committed a “sufficiently serious breach” of the data privacy rules that apply to the 27 European nations. Reuters was the first to report the news and mentioned that this fine marks a first for the European Commission. The EU’s data protection regulations, known as GDPR, are among the strictest data privacy rules globally, allowing for fines of up to 4% of an organization’s annual turnover for rule violations.