Details:

Summary The Belgian DPA has fined a researcher EUR 1,200. The fine was issued in connection with another fine against the NGO EU DisinfoLab. The researcher was employed at the NGO. In 2018, the NGO published an analysis to identify the possible political origin of tweets circulating on a particularly heated controversy in France, the ‘Benalla affair.’ For the analysis, the organization had processed the data of 55,000 Twitter accounts, of which more than 3,300 had been classified as political. The raw data obtained from this was then published without taking minimal security precautions, such as pseudonymizing the data. The DPA noted that publication of the data could potentially expose data subjects to the risk of discrimination or discredit because of the non-anonymized political profiling. In addition, the files also contained information about the religious beliefs, ethnic origin, or sexual orientation of the individuals whose accounts were analyzed. For this reason, the DPA concluded that several obligations of the GDPR, such as lawfulness of processing, transparency to data subjects, and data security, were violated.
Link: link link
Related articles:  Art. 5 (1) a), c), f) GDPR, Art. 6 (1) GDPR, Art. 9 GDPR, Art. 12 GDPR, Art. 14 GDPR, Art. 32 GDPR
Type: Non-compliance with general data processing principles
Fine: EUR 1,200
Sector Individuals and Private Associations

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law