An ’embarrassing’ leak shows the European Union has fallen short of its own data protection laws.
The European Commission’s website has published 700 records, including the names, addresses and mobile numbers of conference attendees, according to a report.
Officials in Brussels admitted the authority that designed the rules is not itself compliant with the General Data Protection Regulation (GDPR).
The Commission has previously warned that those who breach these rules, which came into force last week, could face millions in fines.
Following the leak, a spokesperson said the authority was exempt from GDPR laws for ‘legal reasons’.
An ’embarrassing’ leak shows the European Union has fallen short of its own data protection laws. The European Commission’s website has published 700 records, including the names, addresses and mobile numbers of its citizens, according to a report (stock image)
Officials in Brussels will follow a similar set of new laws that ‘mirror’ those laid out in GDPR.
These rules will not enter force until autumn, according to the Telegraph.
The spokesperson added that the Commission is ‘taking and will continue to take all the necessary steps to comply’.
GDPR aims to strengthen and unify data protection for all individuals within the EU, which means cracking down on how companies use and sell user data.
Under GDPR, companies are required to report data breaches within 72 hours, as well as allow customers to export their data and delete it.
Companies scrambled to comply with the rules before they were ratified on May 25 with the Commission threatening hefty fines for those who breached them.
The bureaucracy’s website exposed 700 records that include people’s names, professions, and even some postcodes and addresses.

Officials in Brussels admitted the authority that designed the rules is not itself compliant with the General Data Protection Regulation. GDPR aims to strengthen and unify data protection for all individuals within the EU (stock image)
The records, some of which featured the private information of Britons, were collected during EU meetings and conferences and stored on data spreadsheets.
Tech website Indivigital found the documents are among thousands hosted by the website Europa.eu that are freely accessible online.
Many of them could be found by simply searching for the document on Google.
This leak would constitute a breach of GDPR rules were the blunder committed by other organisations or businesses.
Fines for such a breach can reach up to £17.5 million ($23 million) or four per cent of global turnover – whichever is largest.
Jon Baines, a data protection expert at law firm Mishcon de Reya, described the ‘irony’ of the EU’s admission.
‘Although the information disclosed here does not appear to be particularly sensitive, it does raise questions about the general level of compliance, and whether any further inadvertent disclosures have been made,’ he told the Telegraph.
Steve Gailey, security expert at database security firm Exabeam, added that the exposure ‘is embarrassing for the EU, coming hot on the heels of GDPR’.