The Danish Tax Agency used personal data collected from the October 2021 Twitch data breach (see https://www.videogameschronicle.com/news/the-entirety-of-twitch-has-reportedly-been-leaked/) for tax control purposes, according to this publication from the agency https://sktst.dk/publikationer/mange-fejl-med-indberetning-af-indtaegter-fra-streaming (in Danish).
What is not considered in the report: can personal data obtained from a clearly unlawful dissemination (a data breach) be lawfully processed by another controller, in this case a public authority? #GDPR
=> More informations about this toot | More toots from je5perl@eupolicy.social
@je5perl What if they took the cases to court, as they're threatening in that press release; would they be able to use the leaked material as evidence?
=> More informations about this toot | More toots from fuglede@mastodon.social
@fuglede Probably yes with the "free evidence" principle in the Danish court system. However, it would be really interesting if a Twitch user affected by the data breach filed a complaint with the Data Protection Authority demanding erasure of unlawfully collected personal data.
=> More informations about this toot | More toots from je5perl@eupolicy.social
@fuglede A related question is whether the Tax Agency can (lawfully) buy location data from data brokers for its AI systems (see https://ugeavisen.dk/indland/skats-overvaagning-kan-potentielt-afsloere-din-praecise-lokalitet) if this personal data has been unlawfully collected from smartphone apps? After the discussion about data brokers started in mid April, the Minister for Taxation was quick to clarify that the use of geolocation data in their AI systems was limited to geolocation from IP addresses (so the data broker connection turned out to be hypothetical).
=> More informations about this toot | More toots from je5perl@eupolicy.social
@je5perl Also, could the data possible have been tampered with by a third party, before the Danish officials got whole of it?
And yeah, can the Danish officials not be prossicuted for accessing illegal data?
=> More informations about this toot | More toots from MGraversen@helvede.net
@MGraversen Tampering is certainly possible when the data was leaked on 4chan. The controller (tax agency) will have a hard time demonstrating compliance with the data accuracy requirements of the GDPR.
But good luck with holding Danish authorities responsible for anything..🤮
=> More informations about this toot | More toots from je5perl@eupolicy.social This content has been proxied by September (3851b).Proxy Information
text/gemini