For the first time, the EU General Court has ruled that the European Commission must pay compensation to a German citizen for violating data protection regulations, Reuters reports. This is the first time an EU institution has been held financially liable for non-compliance with the General Data Protection Regulation (GDPR).

The court found that the Commission had unlawfully transferred the citizen’s personal data to the United States without proper safeguards. As a result, the Commission must pay 400 euros ($412) in compensation.

The incident occurred after the citizen used the “Sign in with Facebook” option on the EU authorization page to register for a conference. The court ruled that the transfer of the user’s IP address to Meta Platforms, Facebook’s parent company in the United States, violated the GDPR rules on data transfers outside the EU.

“The Commission takes note of the judgment and will carefully study the Court’s judgment and its implications,” said a spokesman for the European Commission.

Since its implementation in 2018, the GDPR has resulted in significant fines for large companies for non-compliance. Among them are Meta, LinkedIn, and Klarna, which have faced multimillion-dollar fines for violating data protection regulations.

This precedent may increase the responsibility of EU institutions to comply with their own data protection rules and change the bloc’s approach to the transfer of personal information in the future.