APD/GBA (Belgium) - 71/2022
APD/GBA - 71/2022 | |
---|---|
Authority: | APD/GBA (Belgium) |
Jurisdiction: | Belgium |
Relevant Law: | Article 5(1)(c) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 6(1) GDPR, Article 12 GDPR, Article 21(2) GDPR, Article 21(4) GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | 14.10.2020 |
Decided: | 04.05.2022 |
Published: | 04.05.2022 |
Fine: | 10000 EUR |
Parties: | NMBS |
National Case Number/Name: | 71/2022 |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | Dutch |
Original Source: | Beslissing ten gronde 71/2022 van 4 mei 2022 (in NL) |
Initial Contributor: | Enzo Marquet |
The Belgian DPA fined the Belgian National Railway €10.000 because it added promotional information in a service message. This resulted in the message being classified as direct marketing. Neither consent nor an opt-out button was present.
English Summary
Facts
A person tweeted an image of a newsletter they had received from the NMBS (Belgian National Railway). Following that tweet, the DPA initiated an investigation into the data processing activities of the NMBS.
The DPA's inspection noted several issues:
- There was no way to unsubscribe from the newsletter.
- There was no legal basis to send the newsletter.
- There were less intrusive ways to reach the purposes of the newsletter (informing passengers).
- There were no appropriate technical and organisational measures put into place to ensure the processing complied with the GDPR.
The NMBS claims the newsletter was sent based on its terms and conditions: to inform passengers of the protective measures taken against the spread of the coronavirus, e.g. sanitary safety. As a governmental body, it also has this duty to inform passengers.
Holding
The DPA does not contest the intentions of informing the data subjects. However, the newsletter included more information than just the safety measures. The purpose of the newsletter was as such broader than purely informing the data subjects of the measures. It included (indirect) promotions of services and products. The newsletter must thus be classified as direct marketing and falls outside the scope of Article 6(1)(b).
Since the newsletter is classified as direct marketing, the NMBS breaches Article 12(2), Article 21(2) and Article 21(4) by not providing an adequate way to opt out and by not informing the data subjects.
The DPA holds that the NMBS did not have a legal basis to send the newsletter to the data subjects and breaches Article 5(1) and Article 6(1). Additionally, there were less intrusive ways to reach the purpose of informing them, e.g. publication on its website. The processing of personal data was not necessary.
English Machine Translation of the Decision
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.
Disputes Chamber

Decision on the merits 71/2022 of 4 May 2022

File number: DOS-2020-04750

Subject: Newsletter Hello Belgium Railpass NMBS

The Disputes Chamber of the Data Protection Authority, composed of Mr Hielke Hijmans, chairman, and Messrs Yves Poullet and Frank De Smet;

Having regard to Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR;

Having regard to the law of 3 December 2017 establishing the Data Protection Authority, hereinafter WOG;

Having regard to the internal rules of procedure, as approved by the Chamber of Representatives on December 20, 2018 and published in the Belgian Official Gazette on January 15, 2019;

Having regard to the documents in the file;

has made the following decision:

The defendant: NATIONAL COMPANY OF BELGIAN RAILWAYS (“NMBS”), nv of public law, with registered office at Francestraat 56, 1060 Brussels, registered with the Crossroads Bank for Enterprises (CBE) in Brussels, under number 0203.430.576, hereinafter referred to as “the defendant”.

I. Fact-finding procedure

1. On 14 October 2020, the GBA received a notification from a Twitter user about a newsletter they had received from NMBS about the Hello Belgium Railpass. The Hello Belgium Railpass is a ticket with a number of free train rides that was provided free of charge to Belgian residents on request. According to the person who made the report, the newsletter did not contain any possibility to unsubscribe from it.

2. On 19 October 2020, the Inspectorate decided to bring the case before itself pursuant to Article 63, 6° WOG because serious indications could be established about the existence of a practice that could give rise to a breach of the fundamental principles of protection of personal data.

3. The inspection was completed by the Inspectorate on 9 November 2020, the report was added to the file and the file was transferred by the Inspector General to the Chairman of the Disputes Chamber (art. 91, § 1 and § 2 WOG).

4. The report contains the following findings:

• The newsletter sent by e-mail was not necessary for the execution of the agreement (by requesting the Hello Belgium Railpass) between the defendant and the travelers involved. A different way of publishing the newsletter could have been chosen. There was moreover no legal basis for the processing of the personal data, since the sending of the newsletter by e-mail did not fulfill the agreement between defendant and the passengers. No appropriate technical and organizational measures were taken to ensure and demonstrate that the processing took place in accordance with the GDPR. According to the Inspectorate, this leads to a violation of Articles 5.1, a) and c) and 5.2 of the GDPR, Article 6.1 of the GDPR, Article 24.1 of the GDPR and Articles 25.1 and 25.2 of the GDPR;

• The right to object was not facilitated by the defendant while the targeted e-mails can be regarded as “direct marketing”, which constitutes infringements of Article 12.2 of the GDPR and Articles 21.2, 21.3 and 21.4 of the GDPR.

The report also contains findings regarding the data protection officer:

• The DPO did not report to the senior management body within the defendant's organization.

• The job description, number of working hours per week, and access to resources by the data protection officer were found to be sufficient by the Inspectorate. The opinions provided by the officer in the context of the targeted e-mails sent were, according to the Inspectorate, also sufficient to assume that the legal obligation at the level of advice was met.
Therefore, the Inspectorate establishes an infringement of Article 38.3 of the GDPR, but no infringement of Articles 38.1, 38.2 and 38.6 of the GDPR and no infringement of Article 39 of the GDPR.

5. On February 19, 2021, the Disputes Chamber decided on the basis of art. 95, § 1, 1° and art. 98 WOG that the file was ready for processing on the merits.

6. On February 19, 2021, the defendant was notified of the provisions referred to in Article 95, § 2, as well as those in art. 98 WOG. It was also notified, on the basis of art. 99 WOG, of the time limit for submitting its defences.

7. The latest date for receipt of the defendant's statement of defense was set at 2 April 2021.

8. On March 4, 2021, the defendant requested a copy of the file, accepted all communication regarding the case electronically and indicated that it wished to make use of the possibility to be heard, in accordance with article 98 WOG. (art. 95, §2, 3° WOG) The file was transferred on March 17, 2021.

Conclusion of the defendant's answer

9. On April 2, 2021, the Disputes Chamber received the statement of defense from the defendant.

10. According to the defendant, the e-mail containing the newsletter about the Hello Belgium Railpass was sent lawfully. Defendant argues that the e-mails were sent in the context of the execution of the agreement between applicants/users of the Hello Belgium Railpass and defendant. The intended processing of personal data was therefore, according to the defendant, necessary for the execution of the agreement pursuant to Article 6.1 sub b GDPR and to ensure the sanitary safety of passengers. The conditions for using the Hello Belgium Railpass together with the General Conditions of Carriage are part of the transport contract with the passengers.
Moreover, according to the defendant, it was necessary that the e-mails were sent given the precarious situation at the time, with a second wave of the Covid-19 epidemic coming in Belgium, so that everyone had to be extra alert in order to ensure safety on the trains. In order to reach the travelers in time, NMBS was therefore forced to send applicants the newsletter by e-mail. According to the defendant, the disclaimer of the e-mail contained clear information about the intended purpose of the e-mail, namely to inform passengers about how the Railpass had to be used as correctly and optimally as possible. According to the defendant, the principle of minimum data processing in accordance with article 5.1 sub c was complied with, as no realistic and less intrusive alternatives were available to give effect to the agreement.

11. Moreover, according to the defendant, the targeted e-mail did not constitute direct marketing in the sense of article 21.2 GDPR because the e-mail was not intended to directly or indirectly promote goods, services or the image of SNCB. The e-mail was part of the implementation of the government tasks of SNCB and these tasks are excluded from the term 'direct marketing'. Since there is no direct marketing and the processing took place on the basis of Article 6.1, b (performance of the agreement), this means, according to the defendant, that the right of objection as laid down in Article 21.1 GDPR does not apply. In addition, the disclaimer of the e-mail regarding the Hello Belgium Railpass contained, according to the defendant, a clear hyperlink to the privacy statement of NMBS. The data subjects were therefore informed of the rights available to them.

12. The defendant further argues that the finding of the Inspectorate, according to which the data protection officer would not report directly to the highest management body within NMBS, is incorrect.
Defendant makes it clear that the data protection officer reports to the CEO of SNCB, both periodically and ad hoc. The CEO is chairman of the Executive Committee as well as of the Executive Committee. Therefore, the data protection officer reports fully in accordance with Article 38.3 to the highest body within NMBS and, according to the defendant, there is no violation of this article.

13. On 14 February 2022, the parties were notified that the hearing would be held on February 28, 2022.

14. On February 28, 2022, the parties were heard by the Disputes Chamber.

15. The minutes of the hearing were submitted to the parties on March 16, 2022.

16. On March 23, 2022, the Disputes Chamber received the defendant's comments regarding the official report. Defendant notes the following with regard to the representation in the official report: the communication that is the subject of the present procedure does not concern a newsletter but a communication addressed to holders of the Hello Belgium Railpass. Defendant believes that the emphasis in the official report is placed on the first part of the communication containing the message “rediscover more than 500 destinations in Belgium”. According to the defendant, the foregoing is not consistent with what was submitted at the hearing by Defendant. In the Defendant's opinion, all elements in the communication should be regarded as equivalent. The representation of what was not explained by the defendant during the hearing is according to defendant also incomplete. Each of the components of the communication was aimed at spreading travelers, encouraging them to use the Move Safe App and correctly pre-completing the Railpass to avoid aggression against personnel and to facilitate control.
The Disputes Chamber emphasizes that the response to the official report does not reopen the debates, but that the representation of this reaction is useful in this case, for a better understanding of the position of the defendant.

17. On March 16, 2022, the Disputes Chamber notified the defendant of its intention to proceed with the imposition of an administrative fine, as well as the amount thereof, in order to give the defendant another opportunity to defend itself before the sanction is effectively imposed.

18. On April 8, 2022, the Disputes Chamber received the defendant's response to the intention to impose an administrative fine, as well as the amount thereof. [1]

II. Justification

II.1. Compliance with the principles governing the processing of personal data (Articles 5.1 and 5.2 GDPR) and the lawfulness of the processing (Article 6.1 GDPR)

19. The processing of personal data is only lawful if it is based on one of the legal bases listed in Article 6.1 GDPR. [2] The Inspectorate has established that the processing of personal data of travelers who received an e-mail containing a newsletter about the Hello Belgium Railpass happened without a valid legal basis. In contrast to the defendant, who believes that it can legally invoke Article 6.1.b GDPR, namely the execution of an agreement, the Inspectorate is of the opinion that that is not the case. According to the Inspectorate, the processing of personal data of train passengers by sending a communication via e-mail was not necessary for the implementation or preparation of the contract between the defendant and the applicants/travellers of the Hello Belgium Railpass. In addition, the processing was not necessary since the defendant could have chosen to disseminate the information through other channels such as its website.
According to the Inspectorate, the processing was therefore not based on one of the legal grounds listed in Article 6.1 of the GDPR and was in violation of Article 6.1 of the GDPR.

[1] See point 68 of this decision.

[2] Article 6.1 sub b GDPR: “The processing is only lawful if and insofar as at least one of the following conditions is met: a) the data subject has consented to the processing of his/her personal data for one or more specific purposes; b) the processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject before the conclusion of a contract; c) the processing is necessary for compliance with a legal obligation incumbent on the controller; d) the processing is necessary to protect the vital interests of the data subject or of another natural person; e) the processing is necessary for the performance of a task carried out in the public interest or of a task carried out in the context of the exercise of official authority vested in the controller; f) the processing is necessary for the pursuit of the legitimate interests of the controller or of a third party, except where the interests or fundamental rights and freedoms of the data subject which require the protection of personal data outweigh those interests, in particular where the data subject is a child.”

20. Defendant invokes the performance of the agreement (Article 6.1 (b) GDPR) that NMBS/SNCB has with the data subject. According to the defendant, the reliance on this legal ground is lawful since, according to NMBS/SNCB, the legal conditions are fulfilled: there is a valid agreement with the data subject and the processing is objectively necessary for the execution of the agreement.

21. Defendant makes it clear that the decision to provide a free Hello Belgium Railpass to Belgian residents was a decision taken by Royal Decree “with a view to the recovery of the Belgian economy and the promotion of rail as public transport”. [3]

22. The Hello Belgium Rail Passes could be used from October 5, 2020. This moment coincided with the “second wave” of the Covid-19 epidemic becoming increasingly critical. A large number of rail passes were requested and issued, so that NMBS could (again) expect problems at certain stations. In its submission, the defendant also submits a number of newspaper articles from which it appears that, when the Hello Belgium Railpass was announced, there was already concern among its management about the impact of the initiative on the sanitary safety of staff and travellers. For the aforementioned reasons, the start of the validity period of the Hello Belgium Railpass was, according to defendant, postponed twice.

23. In view of the situation described, according to the defendant, there was a need to do everything possible to ensure that this ran smoothly and to avoid crowds where possible. The defendant therefore concludes that: “(i) sending a communication to the holders (and thus to the expected users) of the Hello Belgium Railpass was necessary to support the existing initiatives of SNCB to avoid crowds and to draw attention to the conditions for using the ticket and (ii) that this was the only possible way to reach the travelers (on time)”.

24. Defendant states in its submission that the conditions for the use of the Hello Belgium Railpass, together with the General Conditions of Carriage of NMBS, constitute the contract of carriage with the applicant/traveler. According to the defendant, these General Conditions of Carriage are available on the NMBS website and are listed in the footnote displayed on every page of the website.
In view of the foregoing, according to the defendant, there is therefore a legally valid agreement between SNCB and the applicant for the Hello Belgium Railpass.

25. The targeted e-mail that the defendant sent to the applicants for the Hello Belgium Railpass contains the following text:

(i) “Rediscover more than 500 destinations in Belgium”, accompanied by a “Find inspiration” button;
(ii) “MoveSafe app: your safety”, accompanied by a button “Download the app”;
(iii) “Ready for your first trip?”;
(iv) “Any questions? Consult our FAQ on how to use your Hello Belgium Railpass”, accompanied by a button “View the conditions”;
(v) The message “We wish you pleasant journeys with your Hello Belgium Railpass!”;
(vi) Disclaimer “With the above communication, NMBS wants to inform you about how you can use your Hello Belgium Railpass correctly and as optimally as possible. NMBS processes your personal data to implement the agreement of which the Hello Belgium Railpass consists. You will find more details about how SNCB processes your personal data and about your rights at www.nmbs.be/privacy” [4]

[3] Royal Decree of 28 July 2020 amending the Royal Decree of 21 December 2013 establishing the provisional rules that apply as a management contract of Infrabel and NMBS, Belgian Official Gazette 31 July 2020: “In the Royal Decree of 21 December 2013 establishing the provisional rules that apply as the management contract of Infrabel and SNCB, as last amended by the decree of 9 April 2020, an article 4/5 is inserted, which reads as follows: "Art. 4/5. §1. In response to the COVID-19 crisis, the federal State wants to promote the use of rail transport and the tourist, recreational, cultural and economic sectors by, on the one hand, asking NMBS to distribute a new free ticket for domestic passenger transport, i.e. the 12-TRAJECTS-PASS, and by temporarily allowing the bicycle to be taken on the train for free,

26. In Article 4.1 GDPR, personal data is defined as: “Any information about an identified or identifiable natural person.” In this case the majority of the applicants for the Hello Belgium Railpass provided their name and e-mail address. This is personal data within the meaning of article 4.1 GDPR. Article 4.2 contains the definition of processing, which reads: 'processing': an operation or set of operations on personal data or sets of personal data, whether or not carried out by automated processes, such as collecting, recording, organizing, structuring, storing, updating or modifying, retrieving, consulting, using, providing by transmission, distributing or otherwise making available, aligning or combining, shielding, erasing or destroying data. The personal data provided by the applicants were (initially) collected by the defendant and used for processing the Railpass application. Therefore, there is a processing of personal data within the meaning of Article 4.2 GDPR.

27. According to the defendant, the targeted e-mail from NMBS should be regarded as "an official reminder of some of the essential terms of the contract of carriage with the traveler, in particular the obligation to use the ticket correctly and to always monitor their own safety". Both obligations cannot be fulfilled by all simultaneously to the obvious (coastal) destinations.

28. First of all, the Disputes Chamber points out that for a successful appeal to Article 6.1.b GDPR it is necessary that there is an agreement to which the data subject is a party and that the processing is a necessary consequence of the agreement. In this case it should therefore be assessed whether the targeted e-mail can be regarded as a necessary corollary of the contract of carriage between the applicants for the railpass and the defendant.

[4] See Appendix 1 to this decision for the targeted e-mail in its entirety.

29. For the Disputes Chamber there is no doubt that guaranteeing the sanitary safety of the train passengers is a necessary element for the performance of the agreement in question. However, the e-mail also contains general information (which is rather promotional in nature) that does not only and specifically communicate about the sanitary situation at that time and the precautions to be taken to ensure safety. The large number of applications for a Hello Belgium Railpass is reported. However, this is - as described above - not the only information given in the e-mail. For example, the text below the section “Rediscover more than 500 destinations in Belgium” reads:

Nearly 3.6 million Belgians have applied for a Hello Belgium Railpass. They are right! You must of course be able to explore our country in complete safety. Get inspired by our blogs that are overflowing with ideas to go on a city trip, to go out in nature, with family or with friends… You will find something for everyone in Belgium!

30. The Disputes Chamber rules - in accordance with the findings of the Inspectorate - that the e-mail therefore also contains general promotional information that does not relate to the specific sanitary situation. Therefore, according to the Disputes Chamber, the e-mail should not, contrary to what the defendant argued, be classified as “An official reminder of some of the essential conditions of the contract of carriage with the traveler, in particular the obligation to use the transport ticket correctly and to always monitor his own safety as a passenger ...”. After all, the newsletter contains, in addition to a reference to the Move Safe app and announcements about the correct use of the Hello Belgium Railpass, also blogs to get inspiration for places to discover.

31. The Disputes Chamber also rules that the information contained in the e-mail could equally well have been conveyed without processing the personal data of applicants for the Hello Belgium Railpass. The Inspectorate has established that the defendant had also published the aforementioned information on its website https://www.belgiantrain.be. [5] According to the Disputes Chamber, the content of the e-mail was not of such an urgent nature, because it would have sufficed in this specific case to publish it on the website and/or the SNCB application, given its content.

[5] https://www.belgiantrain.be/nl of the VV which were taken on 27/10/2020 by the Inspectorate. See the screenshots of the website on the next page.

In this regard, the Disputes Chamber refers to the Guidelines of the European Data Protection Board (EDPB) on Article 6.1.b, which state: “As far as data protection legislation is concerned, controllers should take into account that the foreseen processing activities must have an appropriate legal basis. When the agreement consists of several separate services or parts of a service that can in fact reasonably be provided independently of each other, the question arises to what extent Article 6(1)(b) can serve as a legal basis. In accordance with the principle of proportionality, the applicability of Article 6(1)(b) must be assessed in the context of each of those services separately, looking at what is objectively necessary to perform each of the individual services that the data subject has actively requested or signed up for. This assessment may show that certain processing activities are not necessary for the individual services requested by the data subject, but rather are necessary for the broader business model of the controller. In that case, Article 6(1)(b) will not be a legal basis for those activities.
However, there may be other legal bases available for that processing, such as Article 6(1)(a) or (f), provided that the relevant criteria are met.” [6]

[6] EDPB, Guidelines 2/2019 on the processing of personal data pursuant to Article 6(1)(b) of the GDPR in the context of the provision of online services to data subjects, 8 October 2019.

32. The EDPB further points out that an agreement cannot artificially expand the categories of personal data or the types of processing operations that are necessary for the performance of the agreement to which the data subject is a party. It is also pointed out that what is covered by an agreement depends not only on the perspective of the controller, but also on the reasonable expectations of the data subject. A very strict application is therefore appropriate in view of the high degree of precision of this legal basis.

33. Although not strictly necessary, since SNCB invokes Article 6.1.b, the Disputes Chamber examines ex officio and superfluously whether the defendant could possibly rely successfully on the legal bases of Article 6.1 c, e and f of the GDPR. The Disputes Chamber notes that for the intended processing, the defendant invoked Article 6.1 b (the implementation of the agreement) but on the other hand also stated: “Secondly, the e-mail regarding the Hello Belgium Railpass falls within the implementation of the government tasks of SNCB. NMBS has a public service obligation for domestic passenger transport by rail. As mentioned above, NMBS was instructed by the Royal Decree of 28 July 2020 to make the Hello Belgium Rail Passes available to the Belgian population and to provide the train journeys for which this title could be used.” The defendant was instructed by the King to make the Railpass available and had to process personal data in order to process the requests for Rail Passes. The Royal Decree, however, does not contain any clearly defined provisions about the further processing of the personal data after the applications have been processed. Any appeal to article 6.1 sub c cannot succeed for this reason alone.

34. Article 6.1 e contains the legal basis of a task of general interest or a task in the exercise of official authority. As already indicated above, this legal ground also requires that the processing must be necessary. The Disputes Chamber does not consider it plausible that the (content of the) e-mail was necessary to carry out the task of general interest (making available the Hello Belgium Rail Passes).

35. The Disputes Chamber points out in this regard that, in accordance with Article 6.3 GDPR, read in conjunction with Article 22 of the Constitution and in the light of Articles 7 and 8 of the European Charter of Fundamental Rights, a legislative standard must establish the essential characteristics of data processing that is necessary for the performance of a task in the public interest or for the exercise of official authority entrusted to the controller. [7] The Disputes Chamber emphasizes that the processing involved should be framed by a standard that is sufficiently clear and accurate and whose application is foreseeable for the persons involved. In accordance with Article 6.3 GDPR, the precise purpose(s) of the processing must be stated in the legal standard itself. The foregoing was not the case here. In addition, it has not been established that the e-mails sent were necessary for the implementation of the Royal Decree. This stipulates that the defendant can do what is necessary and limit or terminate the use of the Railpass in case of force majeure. The Covid-19 epidemic and its consequences are not under discussion.
However, according to the Disputes Chamber, the e-mails sent were - as already stated in the decision - not necessary for the mere provision of the Hello Belgium Rail passes, as a result of which a possible appeal to Article 6.1 e cannot succeed.

36. The legal basis of legitimate interest is laid down in Article 6.1 f GDPR. The Disputes Chamber examines whether the further processing of the personal data of the railpass applicants in this case may have been lawful under the aforementioned provision. To determine this, the controller must, in accordance with the case law of the Court of Justice, demonstrate that:

1) the interests they pursue with the processing can be recognized as legitimate (the “purpose test”);
2) the intended processing is necessary for the realization of those interests (the “necessity test”);
3) the balancing of those interests against the interests, fundamental freedoms and fundamental rights of data subjects weighs in favor of the controller or a third party (the “balancing test”).

37. First of all, the question is what interest and purpose the controller pursued with the further processing of the personal data (purpose test). By using the personal data of the data subjects to send them an e-mail mainly promoting the railpass, the defendant's aim was, according to the Disputes Chamber, among other things to encourage travel with the railpass. The promotion of the railpass by the defendant is regarded as a (commercial) legitimate interest.

[7] See also the advice of the Knowledge Center of the GBA 36/2020, 42/2020, 44/2020, 46/2020, 52/2020 and 64/2020 (https://www.dataprotectionauthority.be/burger/zoeken?q=&search_category%5B%5D=taxonomy%3Apublicati us&search_type%5B%5D=advice&s=recent&l=2).

38. In order to satisfy the second condition, it must be demonstrated that the processing was necessary for the achievement of the objectives pursued (necessity test).
This means that the question must be asked whether means the same result can be achieved without processing personal data or without unnecessary processing for the data subjects. The Disputes Chamber determines that it was by no means necessary to further process the passengers' personal data To send them the targeted e-mail believe that the message announced in the e-mail is also in a different way could have been made known. The second condition is therefore not met. 39. The third condition concerns the “balancing test” between the interests of the controller on the one hand, and the fundamental freedoms and rights of concerned, on the other. In accordance with Recital 47 GDPR, when determining this, verify whether the “data subject at the time and in the context of the collection of the personal data can reasonably expect that processing for that purpose can take place” The Disputes Chamber establishes that those involved could not have expected that the personal data provided in the context of a transport contract be used for purposes other than processing the request for a rail pass, in particular promotional activities. Therefore, any recourse to Article 6. 1, f would not to succeed. 40. In view of the above, the Disputes Chamber is of the opinion that the processing of the personal data by sending e-mails happened without the choice (and even the presence) for a lawful basis. Defendant's appeal on the legal basis execution of the agreement of Article 6.1b, cannot be invoked in this case, since the e-mail mail is not a necessary corollary of the contract of carriage between the parties. That's why there is also not met the principle of necessity as laid down in Article 5.1c of the GDPR. The The Disputes Chamber therefore establishes infringements of Articles 5.1 a and c, 5 . 2 and 6 . 1 GDPR. Right to object and direct marketing 41. 
The Inspectorate has come to the conclusion that the dispatch of the newsletters by the defendant constituted direct marketing and that no effective right to object was granted to those concerned. Therefore, according to the Inspectorate, there was an infringement of Articles 21.2 and 21.4 GDPR.
42. On the basis of Article 12 of the GDPR, the controller should provide the data subjects with transparent information. In doing so, the controller must, among other things, facilitate the exercise of the data subject's rights under Articles 15 to 22 of the GDPR. Article 21 of the GDPR sets out the data subjects' right to object vis-à-vis the controller. Article 21.2 provides that, when personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him. If the data subject exercises that right against processing for direct marketing, the personal data may no longer be processed for that purpose by the controller. According to Article 21.4, the right to object must be brought to the attention of the data subject at the latest at the first contact with the data subject and be displayed clearly and separately from the other information.
43. The defendant disputes the findings of the Inspectorate and argues that there was no direct marketing, as: “(i) the email was not intended for direct or indirect promotion of goods, services or the image of SNCB and (ii) the e-mail is part of the implementation of the government tasks of SNCB that are excluded from the concept of 'direct marketing'”.
44. The GDPR does not define what is meant by “direct marketing”. Nor is there to date an official, legal or generally accepted definition of this term at European level.
The GBA clarified its interpretation of this legal concept in recommendation 1/2020 as follows: “Any communication, in whatever form, solicited or unsolicited, from an organization or person and aimed at the promotion or sale of services, products (whether or not for a fee), as well as brands or ideas, addressed by an organization or person who acts in a commercial or non-commercial context, which is directly addressed to one or more natural persons in a private or professional context and which involves personal data. Thus, various forms of promotion fall under “direct marketing”, such as email newsletters, commercial telephone calls or text messages or e-mails, or online advertising, and this whether or not in a commercial context.”
45. According to the above interpretation, the promotion or sale of services or products that do not have to be paid for can also be regarded as direct marketing. The defendant stated, however, that e-mails regarding the Hello Belgium Railpass cannot be regarded as direct marketing because, among other things, the railpass was awarded completely free of charge to its applicants. The Disputes Chamber is of the opinion that this view is incorrect on the basis of the above interpretation of the term direct marketing.
46. In addition, according to the defendant, the e-mail regarding the Hello Belgium Railpass falls within the scope of the implementation of SNCB's government tasks. In its conclusion, it states in fact: “NMBS has a public service obligation for domestic passenger transport by rail. It received by KB of 28 July 2020 from the King the order to fit the Hello Belgium Rail to the Belgian population and to provide the train journeys for which this title could be used. As a result, the e-mail cannot be considered "direct marketing" for this reason either, as is, after all, expressly confirmed by the Direct Marketing Recommendation of the GBA itself.”
8 GBA, Recommendation No.
01/2020 of January 17, 2020 regarding the processing of personal data for direct marketing purposes, p. 9.
47. The defendant also quotes the following from the Direct Marketing recommendation of the GBA: “This definition includes all forms of communication, whether it concerns the promotion of goods or services, the promotion of ideas suggested or supported by any person or organization, but also the promotion of that person or organization itself, including its brand image or the brands owned or used by it, with the exception of the promotion carried out at the initiative of public authorities acting strictly within the framework of their legal obligations or public service tasks for services for which they alone are responsible. Finally, communications from government services promoting certain campaigns (e.g. vaccination campaigns) or services (e.g. telephone centers for assistance to persons in difficulty) for which they are legally responsible or which they offer as a public service are not considered direct marketing communications, unless they simultaneously promote specific services or products offered by private service providers.” 9
48. It is apparent from the above and from what was stated at the hearing that the defendant argues that it had a duty to promote the Hello Belgium Railpass because it had a legal responsibility to do so. The e-mails should therefore be classified as a “public authorities notice” or a “promotion at the initiative of public authorities”. However, the recommendation of the GBA emphasizes that there must be a promotion that is carried out at the initiative of public authorities acting strictly within the framework of their legal obligations or public service duties.
49. In addition, the defendant cannot simply be regarded as a “public service” as defined above. After all, the defendant is an autonomous public company.
Characteristic of the status of an autonomous public company is the express possibility for these companies to develop other activities in addition to their statutory public service missions 10. According to the Disputes Chamber, a restrictive conception of government service is appropriate in view of the foregoing. The Disputes Chamber also wishes to point out that, according to article 221 § 2 of the Act on the protection of personal data, an administrative fine within the meaning of Article 83 GDPR may be imposed on a legal person under public law that offers services on the market, unlike on "the government and their appointees or agents". According to the Disputes Chamber, this is also an indication that the defendant cannot be considered "classic" government.
9 Quotation and marking by defendant from recommendation Direct marketing GBA 01/2020.
10 Article 7 of the Act on the Reform of Certain Economic Public Enterprises.
50. The Disputes Chamber is of the opinion that the e-mail sent (which also contains general information that is not related to the specific sanitary situation, or that is not specifically valid for use of the Hello Belgium Railpass but could also be applicable when using other tickets) cannot be regarded as promotion strictly limited to carrying out the legal obligation imposed on SNCB in the context of offering the Hello Belgium Railpass, or as limited to the provision of a public service. The Disputes Chamber also points out that the e-mail sent may also contain the (possibly indirect) promotion of services or products offered by private service providers, which is an additional indication that the e-mail was not exclusively related to a public service.
51. Even if it were to be assumed, as the petitioner does, that this concerns a communication originating from a government agency, the content of that communication cannot be unlimited.
The defense that the e-mail sent would not be direct marketing because SNCB, as a government agency, had the task of informing the travelers is of no avail, according to the Disputes Chamber. The defendant would have been free, in the context of its statutory task / task of general interest, to notify and inform the travelers with regard to the special sanitary situation due to the pandemic. The defendant could therefore have stated in the e-mail that crowding was expected in the stations and that this crowding could pose a danger. In doing so, it should have limited itself to informing travelers of this danger.
52. In the opinion of the Disputes Chamber, however, the content of the e-mail cannot be interpreted as merely factual information about the sanitary situation at the time, in which travelers were warned and asked to exercise caution and to spread out as much as possible. On the contrary, through the references and content that had little to do with the sanitary situation, the e-mail (also) acquired a promotional character, in order to ensure that as many people as possible would use the Railpass (and other services or products, or (indirectly) even other transport tickets).
53. Accordingly, it has not been demonstrated by the defendant that the e-mails were strictly for the purpose of encouraging travelers to choose less crowded cities. Although tips are given to visit certain cities, the main message of the e-mail, according to the Disputes Chamber, is indeed the promotion of the Hello Belgium Railpass or even of other tickets and services or products (although not always explicitly mentioned). In addition, it is not important that NMBS/SNCB would not derive any financial advantage from this; the e-mails referred to the special services provided by SNCB, which corporate image.
The Disputes Chamber therefore agrees with the Inspectorate, where it states that there is promotion: “After all, the message is that the services of the VV allow train passengers to (1) rediscover more than 500 Belgian destinations, (2) travel comfortably and safely and (3) easily use their Railpass.” The defendant could have chosen to send a notification that immediately and clearly conveys the message, from which it could be deduced that there was a fear that certain cities would be too crowded and that travelers should take this into account. In addition, it appears from the communication between the data protection officer and various employees of the defendant that they were aware of the fact that the mailing could be classified as direct marketing and that for these reasons a correct balance and description was sought so that the e-mails would be regarded as part of the execution of the agreement. For example, this communication reads, among other things: “Provided that we can remove the direct link to the blogs and replace it with a text that points more to our planning module on the site, we can bring this information under the justification ground “execution of a contract”, which is a stronger argument to say that people cannot unsubscribe from this.”
54. The Disputes Chamber is therefore of the opinion that the targeted e-mails should be classified as direct marketing.
55. Article 21.1 provides that the right to object should be facilitated in the event that data is processed on the basis of Article 6.1 e or f GDPR. In accordance with Article 21.2 of the GDPR, the data subject whose personal data are processed for direct marketing purposes also has the right to object at any time to the processing of personal data concerning him, including profiling related to direct marketing.
56.
With regard to the processing of the personal data for the transmission of the e-mails to the applicants, the defendant relied (wrongly, by the way, cf. supra) on the legal basis of the execution of an agreement in Article 6.1 b, arguing that the targeted e-mails were necessary to comply with that agreement and to ensure the safety of the travelers and the employees, as a result of which Article 21.1 GDPR would not apply. Direct marketing would also be out of the question, since the defendant sent these e-mails in the context of its assignment from the government, so that Article 21.2 GDPR would not apply. As discussed above, according to the Disputes Chamber, the e-mails can be regarded as direct marketing, whereby the defendant had the obligation under Article 21.2 and Article 12.2 GDPR to provide and facilitate the right to object.
57. The defendant points out that the disclaimer of the e-mail regarding the Hello Belgium Railpass contained a clear hyperlink to the SNCB privacy statement. Via this hyperlink, data subjects were informed about other rights they possessed, such as the right to erasure. Therefore, according to the defendant, the persons concerned could have invoked the right to have their data erased, which can have the same effect as the right to object.
11 Document 11 to the defendant's claim: e-mail from DPO of 6 October 2020.
58. The Disputes Chamber rules that the right to object has not been facilitated in this case. The defendant points out that data subjects could have exercised other rights, such as the right to erasure. This should be done by sending an e-mail to SNCB together with a copy of the identity card. The Disputes Chamber emphasizes that the right to object is a right that is expressly granted to data subjects by Article 21.2 GDPR. According to Article 21.4, this right must in addition be displayed during the first contact and clearly separated from any other information.
With regard to information about the right to object (Article 14.2 b) GDPR) in particular, Article 21.4 GDPR expressly states that this possibility should be included, separate from the other information, already in the first message to the data subject. However, the e-mail that is the subject of these proceedings in no way mentions the right to object. What is more, it does not contain any reference to this right. Recital 70 GDPR provides, however, that this right should be brought to the attention of the data subject expressly, in a clear manner and separately from other information. In the absence of notice of this right to object in the targeted e-mails, the controller also acted in violation of Article 21.4 of the GDPR.
59. In Recommendation 1/2020 on direct marketing, the DPA also states that the data subject's right to object to direct marketing should be easy to exercise, taking into account the means by which the controller communicates with the data subject: “if the mandatory information is provided digitally or if you contact the person through digital channels, a single click should suffice” 13.
60. In view of the above, the Disputes Chamber establishes infringements of Articles 12.2, 21.2, 21.3 and 21.4 of the GDPR, as the defendant did not facilitate the right to object for data subjects, while the targeted e-mails can be regarded as direct marketing.
The Data Protection Officer
61. Article 38.3 provides that the data protection officer reports directly to the highest management level of the controller.
In the guidelines of the Working Group 29 on the Data Protection Officer, the following explanation is given of reporting to the most senior manager as referred to in Article 38.3: “If the controller or processor makes decisions that are not in line with the General Data Protection Regulation and the opinion of the data protection officer, the latter should be given a chance to express his/her dissenting opinion to the top managers and to those who make the decisions. Article 38.3 provides that the data protection officer "directly [reports] to the senior manager of the controller or the processor". Such reporting ensures that senior management (e.g. the board of directors) is aware of the advice and recommendations that the data protection officer provides in the context of its mission to inform and advise the controller or the processor.” 14
12 Article 21.4 GDPR. The right referred to in paragraphs 1 and 2 shall, at the latest at the time of the first contact with the data subject, be expressly brought to the attention of the data subject and presented clearly and separately from any other information.
13 GBA, Recommendation no. 01/2020 of January 17, 2020 on the processing of personal data for direct marketing purposes, marginal number 162, p. 54.
14 Guidelines for the Data Protection Officer of the Working Group 29, WP 243 rev.01, p. 19, adopted by the EDPB.
62. The Inspectorate has established that the defendant does not comply with this provision, as explained by the Working Group 29. From the defendant's answer to questions from the Inspectorate about the exact position of the officer within the organization chart, it appears, according to the Inspectorate, that the officer does not report directly to the highest level, in this case the CEO.
63. The defendant disagrees with the Inspectorate's finding.
To demonstrate this, the defendant submitted with its conclusion various documents containing e-mail correspondence between the data protection officer and the assistant to the CEO regarding privacy issues. A PowerPoint presentation prepared by the data protection officer for the executive committee, entitled “GDPR points for attention and interim update audit”, was also added. A “Governance Charter for the Protection of Personal Data” was also submitted, which reads:
- That the Data Protection Officer, together with the Chief Information Security, develops a policy for the protection of personal data and submits it to the executive committee.
- He advises the Executive Committee and all parts of SNCB on the protection of personal data and on setting up a structure and processes to ensure compliance with the rules for the protection of personal data.
- The DPO reports important shortcomings in the processing of personal data or in compliance with the rules or policies for the protection of personal data directly to the Executive Committee.
- The management committee ratifies the policy for the protection of personal data and the information security policy and makes the necessary resources available to the Data Protection Officer to indicate to the entire organization the direction desired by SNCB for the management of personal data.
64. The Disputes Chamber is of the opinion that, on the basis of the documents submitted and what was stated by the officer at the hearing, it has been made sufficiently plausible that the data protection officer reports or can report directly to the highest management level within the organization. At the hearing, the officer declared not to have experienced any opposition and to have been encouraged by the board in fulfilling his or her legal obligations.
According to the Disputes Chamber, it appears from the e-mail correspondence between the data protection officer and the CEO, as well as from the “Governance Charter”, that reports can be made directly to the CEO, who is also permanent chairman of the Executive Committee, as well as to the Executive Committee of SNCB. The Disputes Chamber is therefore of the opinion, unlike the Inspectorate, that the defendant has complied with Article 38.3 GDPR and that there is therefore no infringement of that Article.
III. Sanction
65. The Disputes Chamber puts the following points first when determining the sanction. It concerns e-mails sent to customers in connection with the use of the Hello Belgium Railpass. It has been established before the Disputes Chamber that NMBS/SNCB is responsible for mixing sanitary and commercial considerations. Where it is justifiable in connection with the Covid-19 crisis that NMBS informs customers about health risks associated with the use of the train, this does not apply to incentives to use the train as much as possible, including for tourist trips.
66. Another point concerns the power to impose a fine on SNCB. SNCB is a legal entity under public law that offers services on a market. NMBS/SNCB does not fall under the exception with regard to the imposition of administrative fines, as provided for in art. 221 § 2 of the Law of 30 July 2018 on the Protection of Natural Persons with regard to the processing of personal data.
67. The Disputes Chamber decides to impose an administrative fine that is not intended to end an offense committed, but is imposed with a view to a powerful enforcement of the rules of the GDPR. As is clear from Recital 148 GDPR, the GDPR states, after all, that for every infringement (thus also when an infringement is first established) penalties, including administrative fines, are to be imposed in addition to or instead of appropriate measures. 15
68.
Next, the Disputes Chamber points out that the defendant's infringements of the GDPR articles are in no way minor infringements, nor would the fine be a disproportionate burden on a natural person as referred to in Recital 148 GDPR, in either of which cases a fine can be waived. The fact that this is a first finding of a violation of the GDPR committed by the defendant thus in no way prejudices the possibility for the Disputes Chamber to impose an administrative fine. The Disputes Chamber imposes the administrative fine in accordance with Article 58.2 i) GDPR. The administrative fine is in no way intended to end infringements.
15 Recital 148 states: “In order to strengthen the enforcement of the rules of this Regulation, penalties, including administrative fines, should be imposed for any infringement of the Regulation, in addition to or in lieu of appropriate measures imposed by the supervisory authorities pursuant to this Regulation. If it is a small infringement or if the expected fine would cause a disproportionate burden on a natural person, a reprimand may be chosen instead of a fine. However, account should be taken of the nature, severity and duration of the infringement, the intentional nature of the infringement, damage mitigation measures, the degree of responsibility, previous relevant infringements, the manner in which the infringement came to the attention of the supervisory authority, compliance with the measures taken against the controller or processor, affiliation with a code of conduct and any other aggravating or mitigating factors. The imposition of penalties, including administrative fines, must be subject to appropriate procedural safeguards in accordance with the general principles of Union law and the Charter, including an effective remedy and a fair administration of justice.” [own underline]
To that end, the GDPR and the WOG provide for a number of corrective measures, including the orders mentioned in article 100, § 1, 8° and 9° WOG.
69. Taking into account Article 83 GDPR and the case law 16 of the Marktenhof, the Disputes Chamber motivates the imposition of an administrative sanction in concrete terms:
- The gravity of the infringement: It is established that the defendant has committed several infringements of the principles of Articles 5 and 6 of the GDPR and of the rights of data subjects in Articles 12 and 21 of the GDPR. Such infringements constitute a significant infringement of the objectives of the Regulation, namely to protect the fundamental rights and fundamental freedoms of natural persons and in particular their right to the protection of personal data. In addition, Article 83.5 prescribes that the highest administrative fines may be imposed for violations of the aforementioned articles. The NMBS has cooperated during the investigation.
- The duration of the infringement: the sending of the newsletter to the applicants of the Hello Belgium Railpass happened in October 2020. It is therefore a one-off violation, which justifies the relatively low amount of the fine.
- The size: As can be seen from the targeted newsletter itself, 3.6 million Hello Belgium Railpasses were requested. This therefore concerns almost a third of the entire Belgian population, making the size of the infringement exceptionally large.
- The necessary deterrent effect to prevent further infringements. It appears from this file that insufficient account was taken of the protection of the personal data of data subjects, which should actually be central given the defendant's business model. Processing personal data is, after all, an important part of the defendant's activity. It is of crucial importance that such companies comply with data protection rules.
The facts and established violations call for a penalty that meets the need to have sufficient deterrent effect, whereby the defendant is sanctioned sufficiently strongly, so that practices involving such violations would not be repeated, and so that the defendant would henceforth pay more attention to personal data protection.
16 Brussels Court of Appeal (Market Court section), Judgment 2020/1471 of 19 February 2020.
70. On March 18, 2022, a sanction form (“form for response against intended sanction”) was addressed to the defendant. In summary, the defendant responded as follows: According to the defendant, the Disputes Chamber did not take sufficient account of the special situation and context in which the defendant found itself at the time of sending the newsletter. The communication happened during the second wave of the epidemic and served to spread travelers as much as possible. The defendant was obliged by the government to issue the Railpass and received a flat-rate compensation, regardless of whether the card was used or not. The defendant was only trying to properly perform the contractual obligation that it had entered into with Railpass users. Referring to other destinations in the newsletter was only a limited part of the communication. There is no question of knowingly mixing commercial and sanitary considerations, as stated by the Disputes Chamber in the sanction form. The defendant argues that no political initiative was taken either to spread travelers across different destinations, as a result of which the defendant did this in order to properly implement the contractual relationship with Railpass users. According to the defendant, the Disputes Chamber furthermore disregards the fact that the defendant did indeed take into account the rights of data subjects.
According to the defendant, this was done by analyzing the legal basis used, seeking advice from the officer and facilitating the rights of data subjects.
71. The defendant is of the opinion that the sanctions are unacceptable, especially now that the Railpass was framed within the public service obligation of the defendant to offer the Railpass free of charge. In other words, the defendant would be sanctioned for failing to take the measures imposed on it by the government.
72. The Disputes Chamber is of the opinion that all arguments put forward by the defendant in the sanction form have already been dealt with in this decision and were taken into consideration in the determination of the administrative fine in accordance with Article 83.2 GDPR. The defendant's assertion that it was trying to properly implement the agreement between it and the travelers cannot succeed, according to the Disputes Chamber, since the processing in this case was not necessary for the execution of the agreement (see above, marginal 29 ff.). According to the defendant, the reference to other destinations in the e-mail was only a limited part of the communication and there is no question of the deliberate mixing of commercial and sanitary considerations; the Disputes Chamber disagrees with this. According to the Disputes Chamber, the targeted e-mail does contain rather commercially oriented content. Therefore, the sanitary purposes, which according to the defendant were the actual purpose in sending the e-mail, and commercial considerations were deliberately mixed. Finally, the Disputes Chamber points out that it is under no obligation, neither on the basis of the GDPR or the WOG, nor on the basis of case law of the Market Court, to submit the motivation of the present decision to the contradiction of the defendants prior to the taking of the decision concerned; the sanction form serves only to offer the possibility of opposing the intended sanction.
73.
On the basis of all the elements set out above, the Disputes Chamber decides to maintain the intended sanction of €10,000. The infringements established justify an effective, proportionate and dissuasive sanction as referred to in art. 83 GDPR, taking into account the assessment criteria specified therein. The Disputes Chamber points out that the other criteria of art. 83.2 GDPR are not of such a nature in this case that they lead to a different administrative fine than that which the Disputes Chamber has set in the context of this decision.
IV. Publication of the decision
74. Given the importance of transparency in the decision-making of the Disputes Chamber, this decision will be published on the website of the Data Protection Authority, stating the identification data of the defendant, having regard to the public interest of the present decision, on the one hand, and the inevitable possibility of re-identification of the defendant in case of pseudonymization, on the other hand.
FOR THESE REASONS, the Disputes Chamber of the Data Protection Authority decides, after deliberation, to:
- Pursuant to article 100, §1, 13° WOG and art. 101 WOG, impose an administrative fine of €10,000 for infringements of Articles 5.1 sub a and c, 5.2, 6.1, 12.2, 21.2, 3 and 4 GDPR.
Against this decision, pursuant to art. 108, § 1 WOG, appeal must be lodged within a period of thirty days, from the notification, to the Marktenhof, with the Data Protection Authority as Defendant.
(trans.)
Hielke Hijmans
Chairman of the Disputes Chamber
Attachment: The targeted e-mail in Dutch and French, together with the website where you end up after clicking on the link in the mail.
Via the link "rediscover more than 500 destinations in Belgium" you recently (May 2, 2022) ended up on the website with the following: