Belgium
SA Rossel & Cie
GDPR enforcement action by Belgian Data Protection Authority (APD) on 2022-06-16.
Case details
- Authority
- Belgian Data Protection Authority (APD)
- Date
- 2022-06-16
- Controller / Processor
- SA Rossel & Cie
- Sector
- Media, Telecoms and Broadcasting
- Quoted Articles
- Art. 6 (1) a) GDPR, Art. 7 (1) GDPR, Art. 12 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
Original fine summary: The Belgian DPA has imposed a fine of EUR 50,000 on the media company SA Rossel & Cie. During its investigation, the DPA found GDPR violations on three websites operated by the company. For instance, the company had placed cookies that were not required without the consent of the website visitors. Also, the company considered visiting other websites as consent for further cookie placement on these pages. In addition, the boxes for the consent of third-party cookies were already pre-ticked. Furthermore, the cookie policy was incomplete and difficult to access for the visitor. Finally, the DPA found that the company was placing new cookies despite users revoking their cookie consent. Update: On February 22th, 2023, the fine has been overturned by the Market Court.
Related fines