EU DisinfoLab – €2,800 Fine (Belgium, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Belgium fined EU DisinfoLab EUR 2,800 for mishandling Twitter data in a political analysis. The NGO published sensitive data without proper security, risking discrimination against individuals. This case shows the need for NGOs to secure personal data and be transparent about its use.
What happened
EU DisinfoLab published an analysis using Twitter data without securing or anonymizing it, exposing sensitive information.
Who was affected
Individuals whose Twitter accounts were analyzed, including those with political, religious, or personal data, were affected.
What the authority found
The Belgian authority found that EU DisinfoLab violated privacy rules by not securing data and failing to inform individuals about its use.
Why this matters
This ruling underscores the importance of data security and transparency, especially for organizations handling sensitive information. It warns NGOs and similar entities to implement strong data protection measures.
GDPR Articles Cited
The Belgian DPA has fined the NGO EU DisinfoLab EUR 2,700. In 2018, the NGO published an analysis to identify the possible political origin of tweets circulating on a particularly heated controversy in France, the 'Benalla affair.' For the analysis, the organization had processed the data of 55,000 Twitter accounts, of which more than 3,300 had been classified as political. The raw data obtained from this was then published without taking minimal security precautions, such as pseudonymizing the data. The DPA noted that publication of the data could potentially expose data subjects to the risk of discrimination or discredit because of the non-anonymized political profiling. In addition, the files also contained information about the religious beliefs, ethnic origin, or sexual orientation of the individuals whose accounts were analyzed. For this reason, the DPA concluded that several obligations of the GDPR, such as lawfulness of processing, transparency to data subjects, and data security, were violated.
Related Enforcement Actions (0)
No other enforcement actions found for EU DisinfoLab in BE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
27 January 2022
Authority
Autorité de Protection des Données
Fine Amount
€2,800
Enforcement Tracker ID
ETid-1023
About this data
Cite as: Cookie Fines. EU DisinfoLab - Belgium (2022). Retrieved from cookiefines.eu
Last updated: