The Danish Tax Agency used personal data collected from the October 2021 Twitch data breach (see https://www.videogameschronicle.com/news/the-entirety-of-twitch-has-reportedly-been-leaked/) for tax control purposes, according to this publication from the agency https://sktst.dk/publikationer/mange-fejl-med-indberetning-af-indtaegter-fra-streaming (in Danish).
What is not considered in the report: can personal data obtained from a clearly unlawful dissemination (a data breach) be lawfully processed by another controller, in this case a public authority? #GDPR
=> More informations about this toot | View the thread | More toots from je5perl@eupolicy.social
=> View gdpr tag This content has been proxied by September (3851b).Proxy Information
text/gemini