EU DisinfoLab

Description

The Belgian DPA has fined the NGO EU DisinfoLab EUR 2,700. In 2018, the NGO published an analysis to identify the possible political origin of tweets circulating on a particularly heated controversy in France, the 'Benalla affair.' For the analysis, the organization had processed the data of 55,000 Twitter accounts, of which more than 3,300 had been classified as political. The raw data obtained from this was then published without taking minimal security precautions, such as pseudonymizing the data. The DPA noted that publication of the data could potentially expose data subjects to the risk of discrimination or discredit because of the non-anonymized political profiling. In addition, the files also contained information about the religious beliefs, ethnic origin, or sexual orientation of the individuals whose accounts were analyzed. For this reason, the DPA concluded that several obligations of the GDPR, such as lawfulness of processing, transparency to data subjects, and data security, were violated.