Belgium
Merchant
10,000 €
GDPR enforcement action by Belgian Data Protection Authority (APD) on 2019-09-17.
Rank · Sector
#208
of 595 in Industry and Commerce
Rank · Belgium
#24
of 50
Rank · All fines
#1,312
of 3,042
Case details
- Authority
- Belgian Data Protection Authority (APD)
- Date
- 2019-09-17
- Controller / Processor
- Merchant
- Sector
- Industry and Commerce
- Quoted Articles
- Art. 5 (1) c) GDPR
- Type of violation
- Non-compliance with general data processing principles
Summary
The Belgian data protection authority has imposed a fine of 10,000 euros on a merchant who wanted to use an electronic identity card (eID) to create a customer card. The DPA's investigation revealed that the merchant required access to personal data located on the eID, including the photo and barcode which is linked to the data subject's identification number. In the meantime, the decision of the data protection authority has been annulled by a court: https://www.gegevensbeschermingsautoriteit.be/sites/privacycommission/files/documents/Arrest_190220.pdf
Open original source
Links to the regulator's original publication or another source.
Related fines
Belgium
2020-07-14
600,000 €
ETid-344
Google Belgium SA
Media, Telecoms and Broadcasting
Belgium
2022-04-04
200,000 €
ETid-1116
Brussels Airport Zaventem
Transportation and Energy
Belgium
2024-12-17
200,000 €
ETid-2521
Hospital
Health Care
Belgium
2026-05-12
177,000 €
ETid-3172
Technology Company
Employment
Belgium
2024-01-16
174,640 €
ETid-2225
Black Tiger Belgium
Industry and Commerce
Belgium
2026-05-12
120,000 €
ETid-3174
Isabel SA
Finance, Insurance and Consulting