06 Selected interesting cases – 08 Selected interesting cases – Belgium 86 from other EU member states 130 EU DisinfoLab fined for processing and classifying tweets Consent-pay solution 131 and Twitter accounts according to political orientation 87 Lack of evidence of fraudulent use does not affect Company fined for restoring data on a former the classification of a breach 132 managing director’s work laptop 88 Is information about private relations sensitive CCTV operator fined for illegally installing cameras 89 personal data? 134 Private individuals fined for installing video cameras Grindr preliminarily fined for 100 million NOK on private property 90 for consent solution 135 Music company wrongfully fined for management SCHREMS II 137 of musician’s social media fan page 91 Deliveroo fined 2.5 million EUR for not informing Meta Platforms Ireland Ltd. fined for unlawful about automated processing 138 data processing 92 Meta tracking tools found to breach EU rules on Beverage company fined for using eID cards to data transfers 139 create customer loyalty cards 94 Italian DPA bans Chat GPT 140 Medical laboratory fined for several GDPR violations 96 Pseudomized data might not be personal data if the Employer reprimanded for discussing sensitive recipient has no means of re-identifying the data subject 142 personal data about an employee during internal Meta fined 405 million EUR for not handling HR meeting 98 teenagers’ data appropriately 144 School fined for processing data about minors without parental consent 99 09 Methods and Scope 145 07 Selected interesting cases – Methods and Scope 146 Denmark 100 About ComplyCloud 147 Publication of old club magazines 101 Processing of personal data in the context of online competitions 102 Serious criticism for processing personal data about website visitors 104 The dating service’s legal basis and personal data security 106 Næstved municipality: Public interest and cookies 108 Unauthorized access to video surveillance 109 Complaint about failure to erase 110 Gladsaxe Municipality: Court ruling in the Gladsaxe case 112 Transmitting sensitive information through text message 114 Serious criticism for insufficient testing of a software update 115 Sub-processor refused to provide data to the controller 116 Criticism of failure to fulfill information obligations 117 Authorization for municipalities to use the AI profiling 119 The Chromebook Case 1 120 The Chromebook Case 2 121 The Chromebook Case 3 123 The Chromebook Case 4 124 Serious criticism for unintended changes to shared medical record 125 University’s use of a monitoring program for online exams 126 FysioDanmark: Use of facial recognition system 127 DBA: Right to refuse a request for erasure 129 5