fbpx

Download free GDPR compliance checklist!

Tag Archives for " Belgium "

Belgian DPA imposes a €600,000 fine on Google Belgium for non-compliance with right to be forgotten

On 14 July 2020, the Belgian DPA imposed a fine of EUR600,000 on Google Belgium SA/NV (Google Belgium) for not respecting a Belgian resident’s right to be forgotten. This is the highest fine ever imposed by the Belgian DPA.

The complainant, an executive at an unnamed large company, had requested the removal of 12 URLs which he considered to be harmful to his reputation. These URLs concerned, on the one hand, search results regarding alleged links with a certain political party, and on the other hand, a harassment complaint declared unfounded in 2010. As Google had refused to remove several of the concerned links, the complainant referred the case to the Belgian DPA.

Source: Belgium: Belgian DPA imposes a EUR600,000 fine, its highest fine ever, on Google Belgium for non-compliance with right to be forgotten

Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

On May 29, 2020, the Litigation Chamber of the Belgian Data Protection Authority  imposed a fine of €1,000 on a non-profit organization.

The decision followed a complaint filed by an individual who continued to receive promotional materials from the organization after he had objected to the processing of his contact details for direct marketing purposes and had requested that the organization erase his data from its database.

Source: Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s head of compliance, risk and audit as its data protection officer (DPO).

Notably, the DPA highlighted that the organization had not implemented a policy defining the DPO’s role until at least July 2019. Although such a policy had been prepared, the DPA indicated that such preparation alone was not enough to demonstrate the DPO’s independence.

Source: Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements

On April 28, 2020, the Litigation Chamber of the Belgian Data Protection Authority imposed a €50,000 fine on a company for non-compliance with the requirements under the General Data Protection Regulation related to the appointment of a data protection officer.

In its decision, the Litigation Chamber of the Belgian DPA upheld the alleged infringement of the GDPR’s DPO requirements (in particular Article 38(6) of the GDPR), arguing that by appointing the Head of the Compliance, Risk Management and Audit department as DPO, the company had failed to comply with its obligation to ensure that its DPO is free from any conflict of interest.

Source: Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements | Privacy & Information Security Law Blog

Belgian DPA Releases Guidance Materials and FAQs on Cookies and Other Tracking Technologies

On April 9, 2020, the Belgian Data Protection Authority  released guidance and a set of frequently asked questions regarding the use of cookies and other tracking technologies.

Main elements regarding use of cookies and other tracking technologies, in accordance with FAQs, are: transparency (users must be informed about the use of cookies), consent (consent should be obtained for the use of all non-essential cookies) and cookie lifespan (the lifespan of a cookie must be limited to what is necessary to achieve the cookie’s purpose and cookies should not have an unlimited lifespan).

Read more: Belgian DPA Releases Guidance Materials and FAQs on Cookies and Other Tracking Technologies

Brussels Court of Appeal overrules first DPA fine to a private company

On Feb. 19, the Brussels Court of Appeal overruled one of the first decisions of the Belgian Data Protection Authority in a case involving the use of an electronic ID to get a loyalty card.

The Brussels Court of Appeal held that the customer did not give her identity card and, consequently, there was no processing of her data. Therefore, according to the court, the DPA did not demonstrate an actual personal data breach.

The court still underlined there was no prejudice for a customer because they could not get a loyalty card and therefore get a discount. There is no prejudice when one possible extra benefit is lost. It would have been different if the reading of the electronic ID was required to exercise a legal or contractual right.

Source: Brussels Court of Appeal overrules first DPA fine to a private company

The Belgian DPA Publishes Recommendation on Direct Marketing

The Belgian Data Protection Authority (DPA) published Recommendation  providing Guidance on direct marketing.

The Recommendation provides a methodology on how to comply with the General Data Protection Regulation (GDPR) when conducting direct marketing. The Recommendation applies to all kinds of promotions, including sales and advertising, and is not limited to promotions of a commercial nature.

Source: The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

Belgian Data Protection Authority Releases Direct Marketing Recommendation

On February 10, 2020, the Belgian Data Protection Authority  published its Recommendation on data processing activities for direct marketing purposes.

With this Recommendation, the Belgian DPA aims to clarify the complex rules relating to the processing of personal data for direct marketing purposes, including by providing practical examples and guidelines to the different stakeholders involved in direct marketing activities.

Read full article: Belgian Data Protection Authority Releases Direct Marketing Recommendation

Belgian Supervisory Authority Imposes Cookie Fine

On December 17, 2019, the Belgian Supervisory Authority imposed a fine of €15,000 on an company operating a legal information website with approximately 35,000 unique monthly visitors for violations regarding use of cookies.

According to supervisory authority, company provided insufficient information about the cookies deployed on the website. Moreover, the cookie policy was only available in English, whereas the website targeted Dutch and French-speaking readers.

Further, the website did not obtain opt-in consent for certain types of cookies used, including first-party analytics cookies, and where consent was obtained, it was not sufficiently granular. Also, there was no easy way for users to withdraw consent.

Source: Belgian Supervisory Authority Imposes Cookie Fine

Belgian DPA: Requiring Customers to Allow Their ID Cards To Be Scanned To Receive Loyalty Cards Violates GDPR

Asking to read an electronic ID card as a condition for the provision of a service (issuing a rewards/loyalty card) is disproportionate and in violation of GDPR, says the Belgian data protection authority. The company was fined €10,000.

Source: Belgian DPA: Requiring Customers to Allow Their ID Cards To Be Scanned To Receive Loyalty Cards Violates GDPR

1 2 3 4
>