A recent CJEU judgement involving an online pharmacy ("Lindenapotheke") has held that data which can indirectly reveal information about a person's health must be treated as health data under the GDPR ...