
Index — four groups of tags

Tags

Every case in the database is tagged along four axes: what happened, who was affected, how we know it happened, and what the penalty was. The tag structure makes visible patterns that individual cards do not.

Full tag pages with case listings are available in the Polish edition. English tag descriptions follow.

What happened

  • Data transfers

    Unlawful movement of personal data across jurisdictions, typically EU→US without valid legal basis. Schrems I, Schrems II, Meta €1.2B fine.

  • Behavioral advertising

    Ads personalized from inferred user interests tracked across sites. Meta €390M fine; basis-of-processing cases.

  • Face recognition

    Identification of individuals from photographs without consent. Clearview AI (50+ billion photos), police use cases, wrongful arrests.

  • Location tracking

    Continuous logging of physical movement via GPS, Wi-Fi, cell towers. Google Location History, Carpenter v US (2018).

  • Addictive design

    Infinite scroll, autoplay, streaks, intermittent reward. Meta whistleblower disclosures, TikTok teen addiction lawsuits.

  • Dark patterns

    Interface design that misleads users into choices against their interest. CNIL rulings, DPC enforcement.

Who was affected

  • Children

    Violations specific to minors — COPPA, GDPR children's protections, child-directed content, targeting. TikTok €345M, Amazon Alexa COPPA $25M, YouTube COPPA $170M.

  • Journalists

    Platforms used against press — NSO/Pegasus targeting, Uber "God View" tracking of reporters, content suppression.

  • Activists

    Dissidents, protesters, civil-society members. Pegasus Project, Chinese Uyghur surveillance, X/Twitter account bans.

  • Employees

    Tech-company workers themselves — whistleblowers, NDA cases, internal revolts (Dragonfly, Haugen, Fowler, Zatko).

  • Political targets

    Voters, campaigns, political actors. Cambridge Analytica psychographic targeting, Russian influence ops.

How we know

  • Regulator decisions

    Formal findings by DPC (Ireland), CNIL (France), Garante (Italy), BfDI (Germany), FTC (US), ICO (UK).

  • Court rulings

    CJEU (Court of Justice of the EU), US federal and state courts, national courts. Schrems I, Schrems II, Carpenter.

  • Whistleblower disclosures

    SEC filings, Congressional testimony, sworn depositions. Haugen, Zatko, Fowler, Snowden.

  • Investigative journalism

    Verified reporting by major outlets — NYT, Guardian, Observer, BuzzFeed, Forbes, Intercept, ProPublica.

  • Academic research

    Peer-reviewed papers. Citizen Lab Pegasus analysis, IMDEA Networks Local Mess, Cambridge AICHE studies.

What the penalty was

  • Record fine

    Largest-in-history penalties. Meta €1.2B (GDPR, 2023), Facebook $5B (FTC, 2019).

  • Class-action settlement

    Collective civil lawsuits. Brown v. Google estimated $5B, Zoom $85M, Lane v. Facebook $9.5M.

  • Structural remedy

    Beyond cash — mandatory audits, consent-board orders, operational change. FTC 2011 & 2019 Facebook consent orders.

  • Criminal charge

    Individual criminal liability. Joe Sullivan (Uber CSO) convicted 2022 — conviction is extremely rare in tech privacy cases.

  • Operational ban

    Full prohibition on processing. Hamburg vs. Clearview (2020), Italian Garante vs. ChatGPT (brief, 2023).

See also: Polish tag index with case counts and links.