APD/GBA (Belgium) - 73/2025
From GDPRhub
| APD/GBA - 73/2025 | |
|---|---|
 | |
| Authority: | APD/GBA (Belgium) |
| Jurisdiction: | Belgium |
| Relevant Law: | Article 5(1)(c) GDPR Article 5(1)(e) GDPR Article 6(1)(c) GDPR |
| Type: | Complaint |
| Outcome: | Partly Upheld |
| Started: | 03.05.2024 |
| Decided: | 23.04.2025 |
| Published: | |
| Fine: | n/a |
| Parties: | An unnamed data subject Bpost |
| National Case Number/Name: | 73/2025 |
| European Case Law Identifier: | n/a |
| Appeal: | Unknown |
| Original Language(s): | Dutch |
| Original Source: | APD/GBA (in NL) |
| Initial Contributor: | cci |
The DPA warned the Belgian Post Group for violating the principle of data minimisation. The DPA clarified that the principle applies even when the means of the data processing are explicitly provided for by national law.
English Summary
Facts
The Belgian national post service Bpost (the controller) delivered a registered mail to a recipient (the data subject). An employee of the controller took a picture of the data subject’s ID, in order to prove that their identity had been verified during the delivery.
The data subject filed a complaint over this practice. They claimed that there was no legal basis for taking and storing a picture of their ID. They also claimed that the practice was unnecessary, in violation of the GDPR principles of data minimisation and storage limitation.
The data subject did not, however, object to the use of their ID for verification per se. Rather, the data subject challenged the fact that their ID was photographed, and that the picture was stored. So, the use of IDs for verification purposes only was never questioned in the case.
Holding
The DPA found that the controller violated the principle of data minimisation and issued a warning.
On lawfulness
The controller argued that the processing was based on its legal obligation to verify the recipient’s identity and store proof of the verification. In this regard, the controller invoked the Royal Decree on postal services[1].
The DPA accepted the argument and held that the Act constituted a clear, precise, and predictable legal basis for processing personal data[2]. For this reason, the DPA held the processing to be lawful.
On data minimisation
The DPA observed that ID cards include data which are not listed on the registered mail itself (such as birth data, birthplace, and identity card number). The DPA held that these data were irrelevant to the verification of identity because the controller could not check them against any other data in its control.
The DPA then examined and rejected two of the controller’s arguments on data minimisation.
The controller pointed out that the Royal Decree on postal services explicitly mentioned storing a picture of IDs as proof that identity verification took place[3]. On this basis, the controller argued that the processing could not possibly violate the principle of data minimisation.
The DPA rejected the argument. In this regard, the DPA held that under the principle of primacy of Union law, national law must be interpreted in light of European data protection law. Contrary to the controller’s claims, the DPA held that such an approach did not constitute a contra legem interpretation of national law.
Furthermore, the DPA observed that the Decree lists several possible means of storing proof of identity verification. So, the controller had some degree of discretion. Within this margin of discretion, the controller had to comply with the principle of data minimisation and opt for the least invasive means necessary.
The controller also claimed that having one’s ID photographed is not mandatory, in order to receive a delivery. According to the controller’s own internal policy, if a recipient refused to have their ID photographed, the mailman could record the ID number alone and store it as proof of delivery.
The DPA rejected the second argument because the policy still left it to the subject to refuse the excessive processing of personal data. Therefore, the controller still violated the principle of data minimisation. Furthermore, the controller did not prove that the policy was implemented in practice.
For all the reasons above, the DPA held that the controller violated the principle of data minimisation by taking a picture of recipients' IDs and storing them. The DPA issued a warning.
On storage limitation
With regards to storage limitation, the controller pointed out that Belgian law provides for the post service to keep proof of identity verification for 13 months. On this basis, the controller argued that a storage time of 13 months was appropriate. The DPA accepted the argument and did not find a violation of the principle of storage limitation.
Comment
The DPA dismissed a similar complaint against Bpost in the past (see APD/GBA 102/2021). The older complaint only questioned the lawfulness of the processing and did not touch upon data minimisation.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.
1/19
Dispute resolution
Decision on the merits 73/2025 of 23 April 2025
File number: DOS-2024-02177
Subject: Complaint against BPost concerning the photographing by a postal worker of
the complainant's identity card upon receipt of a registered letter
The Dispute Resolution of the Data Protection Authority (hereinafter referred to as 'GBA'), composed of
Mr Hielke HIJMANS, chairman, and Messrs Dirk Van Der Kelen and Romain Robert, members;
Having regard to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation), hereinafter
“GDPR”;
Having regard to the law of 3 December 2017 establishing the Data Protection Authority,
hereinafter “WOG”; 1
Having regard to the internal rules of procedure, as approved by the
Chamber of Representatives on 20 December 2018 and published in the Belgian Official Gazette on
15 January 2019;
Having regard to the documents in the file;
Has taken the following decision regarding:
Complainant: X, hereinafter “the complainant”;
Defendant: BPost, with registered office at Anspachlaan1 box 1 – 1000 Brussels, with
company number 0214.596.464, represented by Mr. Heidi
Waem and Mr. Simon Verschaeve, hereinafter “the defendant”.
1
The GBA recalls that the law of 25 December 2023 amending the law of 3 December 2017 establishing
the Data Protection Authority (WOG), and the new internal rules of the GBA, entered into force on 1 June 2024. The new provisions apply to complaints, mediation files, requests, inspections and
procedures before the Dispute Resolution Chamber that commence from this date. The new WOG is available via this link:
https://www.ejustice.just.fgov.be/cgi_loi/change_lg.pl?language=nl&la=N&cn=2017120311&tenle_nhet=wet,
internal order regulations via this link: < https://www.gegevensbeschermingsautoriteit.be/publications/reglement-van-
interne-orde-van-de-gegevensbeschermingsautoriteit.pdf>. Files initiated before 1 June 2024, of which this file is part, are, on the other hand, subject to the provisions of the WOG and the internal order regulations as they existed
before that date. Decision on the merits 73/2025 — 2/19
I. Facts and procedure
1. The subject of the complaint concerns the photographing by a postal worker of the
identity card of the complainant in the event that he wishes to receive a registered letter.
2. On 3 May 2024, the complainant files a complaint with the Data Protection Authority against
the defendant.
3. On 18 June 2024, the complaint is declared admissible by the First Line Service on the basis
of Articles 58 and 60 WOG and the complaint is transferred to the Dispute Resolution Chamber on the basis
of Article 62, § 1 WOG.
4. On 10 July 2024, the Dispute Resolution Chamber decides on the basis of Article 95, § 1, 1° and Article 98WOG
that the file is ready for consideration on the merits and the parties involved are informed by
registered mail of the provisions as stated in Article 95, § 2,
as well as of those in Article 98WOG. They are also informed
of the deadlines for submitting their defences on the basis of Article 99WOG.
The scope of the case was determined to be the following alleged infringements:
• Possible infringement of Article 5.1.a) in conjunction with Article 6.1 of the GDPR due to the
lack of a legal basis for processing the personal data on the
complainant's identity card;
• Possible infringement of Article 5.1.c) of the GDPR due to the
lack of the need to process all the data on thecomplainant's identity card for
the specific purposes of the processing;
• Possible infringement of Article 5.1.e) of the GDPR due to the
retention of the personal data for longer than necessary for the purposes of the
processing;
• Possible infringement of Article 24 of the GDPR due to the
lack of sufficient organizational measures to ensure that the guidelines for the
processing of personal data are correctly applied by all employees. The deadline for receipt of the defendant's conclusion of reply was set at 19 August 2024, that for the complainant's conclusion of reply at 16 September 2024 and finally that for the defendant's conclusion of reply at 14 October 2024.
5. On 11 July 2024, the complainant electronically accepts all communication regarding the case, requests a copy of the file (Article 95, § 2, 3° WOG), which was sent to him on 15 July 2024 and indicates that he wishes to make use of the opportunity to be heard. Decision on the merits 73/2025 — 3/19
6. On 11 July 2024, the defendant electronically accepts all communications concerning the case,
requests a copy of the file (Article 95, § 2, 3° WOG), which was
sent to him on 15 July 2024 and indicates that he wishes to make use of the
possibility to be heard, in accordance with Article 98WOG. In the same
letter, the defendant requests an extension of the conclusion periods by one month.
7. On 15 July 2024, the Dispute Chamber grants the defendant an extension of the
conclusion period of two weeks. The scope of the case is adopted unchanged.
The deadline for receipt of the defendant's statement of defence was set at 2 September 2024, that for the complainant's statement of reply at 30 September 2024 and finally that for the defendant's statement of reply at 28 October 2024.
8. On 2 September 2024, the Dispute Chamber receives the defendant's statement of defence.
9. On 3 October 2024, the Dispute Chamber receives a request from the complainant for an extension of the time for submitting his statements, which was granted to him on the same day. The new deadline for receipt of the complainant's conclusion of reply was set at 7 October 2024 and for receipt of the defendant's conclusion of reply at 4 November 2024.
10. On 7 October 2024, the Dispute Chamber receives the complainant's conclusion of reply.
11. On 31 October 2024, the Dispute Chamber receives the defendant's conclusion of reply.
12. On 9 December 2024, the parties are informed that the hearing will take place on 21 January 2025.
13. On 21 January 2025, the parties are heard by the Dispute Chamber.
14. On 29 January 2025, the minutes of the hearing are submitted to the parties.
15. On 11 February 2025, the Dispute Chamber receives from the defendant some
comments regarding the report, which it decides to include in
its deliberations.
II. Reasons
II.1. Subject of the complaint: description of the processing
16. BPost was designated by the legislator in the law of 26 January 2018 on postal services
(hereinafter ‘postal services law’) as a provider of universal postal services,
including “the services related to registered mail and mail with Decision on the merits 73/2025 — 4/19
declared value.” Article 9 of the Royal Decree implementing the law on
postal services (hereinafter ‘implementing Royal Decree’) concerns the measures for identifying the
addressee or his authorised representative. In implementation of this law and the implementing Royal Decree,
a postal worker, on site or at the post office, requests the identity card of the
recipient of a registered item for identification and takes a photo of the identity card with
the device intended for this purpose (hereinafter referred to as ‘the Mobi’) in order to
be able to demonstrate this identity check, given the legal guarantees that apply to a
registered item. These photos of the identity cards are stored securely for 13 months, after which
they are destroyed.
17. The complainant does not object to his identity being checked using his
identity card, but does object to his identity card being photographed as
proof of this identity check.
18. As the employer of the postal workers, the defendant determines the purpose and means of
this data processing. The defendant relies on the Postal Services Act and
the implementing Royal Decree for this purpose and is the controller of this processing.
II.2. Admissibility of the complaint
19. The defendant argues that, although the complaint was filed before the
entry into force of the amendment to the WOG, the declaration of admissibility of the First Line Service
(hereinafter ‘ELD’) dates from after that same entry into force. The complaint does not
meet the new admissibility criteria because the complainant had not first exercised his rights
and because another procedure was already ongoing for similar facts at the
Dispute Resolution Chamber. The defendant is therefore of the opinion that the complaint was
inadmissible and was wrongly referred to the Dispute Resolution Chamber. In the defendant's comments
on the PV of the hearing, the defendant clarifies his position: since there is no
transitional arrangement for the WOG, as there is for the adjustment of the
Internal Order Regulations of the GBA, the defendant is of the opinion that the ELD
2 Article 15 §1 4° of the Act of 26 January 2018 on postal services.
3
Royal Decree of 14 March 2022 on postal services.
4Article 9 § 1. Registered items are delivered against signature by the addressee or his representative.
The identity of the addressee or his representative is checked on the basis of an identity document.
The capacity of the representative is demonstrated in accordance with the provisions of Article 20. In order to demonstrate that
the identity of the addressee or his representative has indeed been checked, the postal service provider
takes a handwritten, photographic or electronic copy of the identity document or uses any other
means of evidence that it deems useful. Proof of delivery, of the verification of the identity and, if applicable, of the
verification of the capacity of the representative, is kept by the postal service provider for thirteen
months.
§ 2. The identity document refers to any document that can be used to verify the identity of a person, without being limited to an identity card, a passport or a driving licence. This document, which comes from a federal, regional, provincial or municipal administrative authority, mentions the name and first name of the holder and is provided with a photo on which the holder can be recognised.
5
Article 56.3 of the law of 25 December 2023 amending the law of 3 December 2017 establishing the
Data Protection Authority. Decision on the substance 73/2025 — 5/19
should have applied new admissibility criteria to the complaint. In this respect, the
defendant points out that the new admissibility criteria were already part of the
discontinuance policy of the Disputes Chamber and were therefore a legal anchoring of a
policy that had already been implemented. Finally, the defendant accuses the Disputes Chamber of not having
applied its own discontinuance policy, in this case the two criteria in question,
in its decision regarding the assessment of the merits of this case. 20. Regarding the admissibility of the complaint, the Disputes Chamber points to Judgment 2022/AR/42
in which the Market Court states: “[…] the LCA is not a matter for the Chamber of Contention, one
When considering a plain, it is necessary to make a decision regarding the reception of the plains
address à l'APD” and “Il ressort de la lecture [des articles 94, 95 et 100 de la LCA] que le
prior approval, for the room contention, the possibility of prendre one
decision quant à la recevabilité de la plainte dont elle a été saisie [...]'. In this case, the
The first-line service ruled that the complaint was admissible and the Disputes Chamber could be submitted here
don't come back to it. Furthermore, there is no grievance-bearing consequence for the defendant
since the two criteria in question can also be assessed by the
Dispute Chamber in the context of a possible decision to discontinue the case and since the
defendant still has every opportunity to defend himself against this complaint.
21. Regarding the decision of the Dispute Chamber not to discontinue the case but to
hear it on the merits, the Dispute Chamber refers to judgment 2021/AR/1044 of the
Market Court, which states: “The remedy whereby the FPS FINANCE claims that the
discontinuation policy was not followed by the Dispute Committee is unfounded. […] The fact that
discontinuation ‘may’ be decided (Article 100 §1, 1° WOG) does not entitle the
defendant to discontinuation […]” . Whether or not the Dispute Chamber decides to discontinue the case
is its discretionary power, the discontinuation policy provides direction to the parties
but is binding on the Dispute Chamber when it comes to assessing
whether or not to discontinue complaints.
22. The Dispute Chamber finds this remedy unfounded.
II.3. The powers of the Dispute Chamber
23. The defendant is of the opinion that the complaint and the resulting alleged infringements
of the legal basis, minimum data processing and storage restriction do not
6
Brussels Court of Appeal, Market Court section, judgment2022/AR/42of 8 June 2022, paragraph 20. Machine translation: “the WOG
does not stipulate that the Dispute Chamber, once a complaint has been submitted to it, can take a decision on the admissibility
of complaints addressed to the GBA.” 7Ibid, marginal 21. Machine translation: “A closer reading of [Articles 94, 95 and 100 of the WOG] clearly shows that the legislator has not provided for the possibility of the Dispute Chamber taking a decision on the admissibility of the complaint submitted to it.”
8Court of Appeal Brussels, Market Court section, judgment 2021/AR/1044 of 1 December 2021, marginal 7.2. Decision on the merits 73/2025 — 6/19
relate to infringements committed by the defendant, since the
contested procedure is prescribed by the implementing Royal Decree. The defendant
also considers that the Dispute Chamber is not competent to monitor or enforce compliance with the
internal guidelines of the defendant under Article 24 of the
GDPR.
24. In this case, the complainant's personal data are processed by the defendant. The complainant
formulates a complaint against the defendant regarding this processing. Article 57.1.f)
stipulates that one of the tasks of a supervisory authority is to 'handle complaints from data subjects'. Article 32 of the WOG designates the Dispute Resolution Chamber as an
'administrative dispute resolution body'. The Dispute Resolution Chamber is therefore authorised to handle the
complaint of the complainant. This decision is not intended to test the law, as the
defendant suggests, but to test the processing of the complainant's personal data by the
defendant against the law, in this case the GDPR. The assessment of this
is based on the articles of the GDPR, in particular on the legal basis (Article 5.1.a)
and Article 6.1 of the GDPR, the principle of data minimization (Article 5.1.c)
of the GDPR), the principle of storage limitation (Article 5.1.e) of the GDPR) and the
responsibilities of the controller (Article 24 of the GDPR), as
also clarified in the invitation to submit conclusions sent to the parties on 10 July 2024.
25. In this context, the Disputes Chamber also points to Judgment 2023/AR/801 of the Market Court
which states: “Par la decision attaquée, l'APD n'a pas reporté ou suspendu l'application de la loi
du16decembre2015. Elle a, conformément aux pouvoirsquiluisont conférés parle RGPD
et la Loi APD […], traité la plainte qui le était soumise, constaté certaines violations aux
dispositions of RGPD and the decision-making process, depending on the suspension
traitementdedonnéescontraireauxdispositionslégales,commeprévuparl'article58,§2,j)
du RGPD et l'article 100, §1, 14° of the law of 3 December 2017 […] »
26. The Dispute Chamber finds this plea unfounded.
II.4. The application of the ne bisin idem principle
10
27. The defendant refers to the decision of the Dispute Chamber 102/2021 concerning
the same processing, based on the same basis and opposes another
9Court of Appeal Brussels, Market Court section, judgment 2023/AR/801 of 20 December 2023, paragraph 22. Machine translation:
“By the contested decision, the GBA did not postpone or suspend the application of the law of 16 December 2015. She
has, in accordance with the powers granted to her by the GDPR and the GBA Act […] dealt with the complaint lodged with her, identified certain violations of the provisions of the GDPR and taken a series of decisions
with the power to suspend data processing in breach of legal provisions, as provided
for in Article 58, paragraph 2, letter j), of the GDPR and Article 100, paragraph 1, point 14, of the Act of 3 December 2017.” 10 Litigation Chamber, decision 102/2021 of 13 September 2021. Decision on the merits 73/2025 — 7/19
assessment of the Litigation Chamber. The defendant refers to the ne bis in idem principle for this purpose.
28. The Court of Justice of the European Union (hereinafter ‘CJEU’) has already clarified in the case BPost v.
Belgian Competition Authority 11 concerning the ne bis in idem principle that:
“[…] the condition ‘idem’ requires that the material facts are the same.
On the other hand, the ne bis in idem principle does not apply if the facts in
question are not the same but merely similar.
The identity of the material facts is namely understood as a set of concrete
circumstances resulting from events that are essentially the same, since
the same perpetrator is involved and they are inextricably linked in time and
12
place […]” .
29. The facts in the decision of the Dispute Chamber 102/2021 concerned the same ‘perpetrator’, in
the case the defendant, but are not connected to the facts in the current complaint
as regards time and place. Decision 102/2021 concerns facts from 4 years before the facts in
this complaint and does not concern the same addressee and therefore by definition not the
same place where the mail was delivered and the photo was taken. The Dispute Chamber
therefore finds that these are similar facts, but not the same facts.
30. Given that the condition ‘idem’ is a constitutive element of the ne bis in idem principle and
this has not been met, the Dispute Chamber finds that the ne bis in idem principle
does not apply and the Dispute Chamber will not further consider the defendant’s
argument. The Dispute Chamber finds this ground unfounded.
II.5. The procedure before the Dispute Chamber
II.5.1. Violation of the principles of reasonableness, economy and
due care
31. The defendant argues that the Dispute Chamber violates the principles of reasonableness,
economy and due care. He is of the opinion that the Dispute Chamber gives priority
to this case without taking into account the impact of the processing and
efficiency of the potential intervention, as a result of which it would not act as a
normally prudent and careful administration. Regarding impact, he points to the dismissal policy of the Dispute Chamber,
where none of the nine general criteria for major social impact and/or
13
personal impact apply. After all, the defendant considers the processing
as a small-scale processing of the data of one person who does not belong to the
1 ECJ, Judgment of 22 March 2022, BPost NV v. Belgian Competition Authority, C-117/20, EU:C:2022:202.
12
Ibid, paragraphs 36-37.
13 Dismissal policy Dispute Chamber, published on 18 June 2021, 3.2.1 General criteria for major social and/or
personal impact. Decision on the merits 73/2025 — 8/19
of special personal data. With regard to efficiency, the defendant points to (i)
the previously concluded procedure, in which the complaint was considered to be
‘manifestly unfounded’, (ii) a second procedure that is running simultaneously for similar
processing, (iii) the use on the GBA website of the implementing Royal Decree as an
example of a legal provision regarding the processing of data on an identity
card, (iv) the publicity that the complainant has given to his complaint, (v) confusion
between the concept of identity document and identity card, (vi) the extension of the scope
of the complaint and (vii) the failure of the complainant to exercise the rights of the data
data subject before filing the complaint.
32. The supervision by the Dispute Chamber is not primarily aimed at settling
disputes between parties, but is one of the instruments of the GBA to monitor
compliance with the rules on data protection, in accordance with the provisions
of the EU Treaties, the GDPR and the WOG. In his conclusions, the defendant
states that he processes approximately 120,000 registered mail per day and keeps the photo
for 13 months. Theoretically, the defendant has approximately
45,000,000 photos of identity cards permanently available for checking in a file,
including one or more photos of the complainant's identity card. Such
processing concerns processing with a major social impact because of the
number of data subjects whose personal data are processed and because of the
sensitive data collected on the identity card. Furthermore, it is within the discretionary power of the Dispute Chamber to choose the outcome it will give to a particular case, which the defendant also acknowledges. The procedural elements raised by the defendant do not result in the rights of the defence being violated, since the defendant was given the opportunity to fully present his arguments by means of the statement of defence and the rejoinder; moreover, the defendant was able to fully exercise his right to contradiction during the hearing of the Dispute Chamber. The defendant did not therefore suffer any disadvantage and the rights of the defence were respected. 33. Furthermore, the defendant himself points to the impact of the processing of
personal data under his responsibility and the efficiency of the intervention
of the Dispute Resolution Chamber when he states: “It should be noted that the
Dispute Resolution Chamber, with its decision in the present proceedings, can contribute to
restoring serenity to the public debate on the delivery of
registered items by [the defendant]. In recent months, dozens of
postmen have been verbally, and in some cases also physically, attacked when
delivering registered items.” 16Despite his argument to the contrary, the
defendant hereby implicitly acknowledges the impact of his processing and the efficiency of the
intervention by the Dispute Chamber on the basis of this procedure.
34. The Dispute Chamber points out that it does not need to motivate why the intervention
of the GBA is reasonable, economical and careful. However, the Dispute Chamber
points out the following for the sake of completeness. Based on
• the major social impact of the data processing,
• the scope of the dispute that was determined on the basis of the discretionary power of the
Dispute Chamber in the invitation to draw conclusions and
• the legal possibilities of the Dispute Chamber to monitor this processing and, if necessary,
adjust it, there is no reason to doubt that the intervention of the GBA is reasonable,
economical and careful and that the right of defence has been respected.
II.5.2. Violation of the principle of legal certainty and trust
35. The defendant additionally argues that the principle of legal certainty and trust were not respected for four reasons: (i) the legal
admissibility requirements were not applied, (ii) the treatment is contrary to the
discontinuation policy, (iii) the GBA website uses the implementing Royal Decree as an example of a
legal provision regarding the processing of data on an identity card and (iv) there
was a previously concluded procedure, in which the complaint was considered to be
‘manifestly unfounded’.
36. With regard to the admissibility requirements and the application of the
discontinuation policy, the Dispute Chamber refers to paragraphs 19-22. With regard to the example on the
GBA website and decision 102/2021, the Dispute Chamber points out that the scope of both
the example and the decision is limited to an assessment of Article 6.1 of the GDPR
(the legal basis for the processing). The scope of the current complaint is, however, broader, which
reasonably justifies a (new) intervention by the Disputes Chamber. The
Disputes Chamber furthermore does not consider itself bound by the publication on the
website of the GBA, which is general and strictly informative in nature and is not based on the
facts in the present case and the parties' defence. With regard to the previous
decision of the Disputes Chamber, it is aware of the expectations it had created
by dismissing the complaint against the legal basis for the processing of the identity
card by the defendant as 'manifestly unfounded'. Those expectations play a role in
the assessment of the part of this complaint that concerns the legal basis for the
processing.
II.6. The lawfulness of the processing
II.6.1. Delimitation of the dispute
37. With regard to the verification of the identity of the recipient of a registered letter,
the Dispute Chamber notes that the implementing Royal Decree refers to two different but
related processing operations. On the one hand, the implementing Royal Decree refers to the verification
of the identity by the defendant, and on the other hand, the implementing Royal Decree refers to
proof of this identity check. The Dispute Chamber notes that the
complainant does not object to the identity check using his identity card. However, he
does object to the taking of a photo of his identity card as proof of
this identity check. The Dispute Chamber will therefore only consider the proof of the
identity check and will not rule on the identity check itself carried out by the
defendant. 38. The Dispute Chamber also points out that the implementing Royal Decree speaks of
identity document and identity card, whereby the identity card is one of the possibilities
to serve as identity document. In addition to the identity card, the implementing Royal Decree
also lists other identity documents that may be useful to the defendant. The complainant
has made it clear in his conclusion that he specifically objects to the use of his
identity card as proof of identity check.
II.6.2. Legal basis legal obligation
39. In his conclusion, the defendant states: “First of all, the request for proof of identity of the addressee of a registered consignment is
prescribed by law, more specifically Article 9, §1 of the Royal Decree of 14 March 2022.”7
40. The Dispute Chamber recalls that, in order to be able to legitimately rely on the
legal basis of Article 6.1.c of the GDPR, personal data may only be processed
if this is necessary for the fulfilment of a legal obligation incumbent on the controller. In these cases, the processing must always
have a basis in the law of the European Union or that of the Member State concerned,
which must also state the purpose of the processing. It must therefore be examined whether
the conditions set out in that article are met in this case.
A clear, precise and predictable legal basis
1Piece 24, BPost Summary conclusion without documents, paragraph 59. Decision on the merits 73/2025 — 11/19
41. According to recital 41 of the GDPR, this legal basis or legislative measure must be
clear and precise and its application must be predictable for those seeking justice, in accordance
with the case-law of the Court of Justice of the European Union (hereinafter
‘the Court of Justice’) and the European Court of Human Rights
(hereinafter ‘the ECtHR’).
42. In this regard, the Litigation Chamber refers in particular to the judgment of the Court of Justice in Privacy
18
International of 6 October 2020, in which the Court states that the
legislation concerned must contain clear and precise rules “on the scope and
application of the measure concerned, so that persons whose personal data
are at issue have sufficient guarantees that those data are effectively
protected against the risk of misuse”. The Court adds: “That provision
must be legally binding under domestic law and in particular indicate in what
circumstances and under what conditions a measure providing for the processing
of such data may be taken, thus ensuring that the interference is limited to
what is strictly necessary […]”.
43. Article 9, §1 of the implementing Royal Decree requires the defendant to collect and
keep proof of the identity check for 13 months. The defendant
convinces in his argument that the purpose of this processing is to ensure the
legal guarantees that apply to registered mail. In the event of a dispute, the defendant must be able to
demonstrate that the mail was indeed delivered to the correct recipient (or his
authorised representative). This purpose is reflected in the definition of registered mail, which is included in
Article 2, 9° of the Postal Services Act.
44. The proof of identity check consists of a “handwritten, photographic or
electronic copy of the identity document” or “any other means of evidence that he
deems useful”. The same article defines identity documents in the second paragraph: “any
document which enables one to ascertain the identity of a person, without
being limited to an identity card, a passport or a driving licence. That
document, which originates from a federal, regional, provincial or municipal
administrative authority, mentions the name and first name of the holder and
bears a photograph on which the holder can be recognised.”
45. The Litigation Chamber holds that in this legal basis:
• the purpose of the processing of personal data is clear, in particular to
verify the identity of the recipient of a registered letter and the
18CJEU, Judgment of 6 October 2020, Privacy International v. Secretary of State for Foreign and Commonwealth Affairs and others, C-
623/17, EU:C:2020:790, paragraph 68.
19Ibid. Decision on the substance 73/2025 — 12/19
obtain and retain proof of identity check, given the legal
guarantees that apply to registered mail;
• the category of data subjects is clear, in particular the persons
receiving a registered mail (the addressee or the authorized representative);
• the necessary personal data for this purpose are specified, in particular the
surname, first name and photo of the data subject;
• the retention period is specified, in particular 13 months;
• the processing is predictable, in particular a handwritten,
photographic or electronic copy of an official government document
containing these personal data is taken at the time of delivery of the
registered mail by the postal worker.
Necessity
46. According to Article 6.1.c) of the GDPR, processing is lawful if and to the extent that
the processing is necessary for the fulfilment of a legal obligation that rests on the
controller. When personal data are processed, they must be adequate and relevant
for the purpose.
47. The Dispute Chamber, together with the defendant, establishes that the Postal Services Act
gives registered mail a special legal value. One of these
guarantees is that the postal worker checks the identity of the addressee, so that
the registered mail is left with the right person with certainty. In order to
prove this check, the Dispute Chamber finds that it is necessary that a copy is taken and
kept of the actually used government document with which the identity check was
carried out. Conclusion
48. The Dispute Chamber finds that, under the Postal Services Act and the
implementing Royal Decree, there is a legal obligation on the defendant to collect and store the
surname, first name and photograph of the complainant for the purpose of ensuring the
legal guarantees of registered mail. The Dispute Chamber therefore finds
no infringement of Article 5.1.a) in conjunction with Article 6.1 of the GDPR.
49. This judgment is in line with the decision of the Dispute Chamber of 13 September 2021. Decision on the merits 73/2025 — 13/19
II.7. The minimum data processing
50. In the legal basis for the processing, the King has left the choice of the medium for the
necessary personal data to the defendant, as long as it is a copy of a government document containing the
recipient's name, first name and photo, or any other means of evidence that the defendant
deems useful. The King therefore leaves it to the defendant to assess which medium is the most
appropriate. The Dispute Chamber follows the defendant when he argues that this choice
belongs to him and not to the person concerned himself, as the complainant seemed to insinuate.
51. In order to make this choice, the defendant currently bases himself on the influence of the
working conditions of the postal workers, the volume of registered mail to be processed and the
authority of the copy as evidentiary value. The defendant also opposes
the choice of a handwritten proof because of possible errors in the
transcription and therefore a possible infringement of the accuracy of the data in accordance with
Article 5.1.d) of the GDPR.
52. However, the Dispute Chamber finds that the defendant does not take into account the principle of
minimum data processing from Article 5.1.c) of the GDPR in this assessment of
the choice of the medium. Moreover, the defendant argues that assessing
minimum data processing would constitute a contra legem interpretation of the implementing
Royal Decree since the choice of a photo of the identity card is literally
included in this Royal Decree. The Dispute Chamber does not follow this reasoning of the
defendant and refers to the material scope of Article 2 of the GDPR and to the
precedence of Union law over national law. In this context, the Dispute Chamber also refers to the judgment in the ‘Mediahuis’ of the Market Court in which the Court makes it clear that a
statutory provision must be set aside if it is not in accordance with a clear provision of
EU law.
53. According to the principle of data minimisation, laid down in Article 5.1.c) of the
GDPR, personal data must be adequate, relevant and limited to what is
necessary for the purposes for which they are processed. Recital 39 of the
GDPR adds: "Personal data may only be processed if the purpose
of the processing cannot reasonably be achieved in any other way." 54. By taking a photo of the identity document of the complainant, the defendant processes
all personal data mentioned on this card and the defendant stores this
data for 13 months. Since the name, first name and photo of the
recipient, in this case the complainant, are on the identity card, this
processing is sufficient for the purpose of the processing.
55. In order to carry out an identity check, the postal worker only has the data
mentioned on the registered mail as a reference: the name, first name and address.
However, the identity card contains more data, such as the date of birth,
place of birth, gender, nationality, identity card number and the
validity period; the new e-ID also contains the national register number on the
front of the card. None of this data is relevant to the defendant,
since he has no reference data with which he could possibly carry out or demonstrate an
additional check. The defendant himself refers to the
card number of the identity card in this regard: “However, it can be said that the
card number of the identity card can be considered to be a more sensitive piece of
information in a certain sense, while the Royal Decree of 14 March 2022 expressly provides for means of proof (e.g.
driving license) that does not contain such data from the identity card”.
56. However, the Dispute Chamber finds that the defendant has apparently changed his mind. In the communication from the defendant to the complainant of 14 May 2024,
after the complaint was filed, it states: “As far as the procedure is concerned, there is an alternative to
taking photos of the identity card. […] The option to refuse the photo
must be offered. […].” 22
57. The procedure for when a person refuses to have a photo taken of his/her identity document is also described in the instructions to the postmen that were added to the
documents by the defendant:
• “Check the identity […]
• Note down the number of the identity card and the full name […]
• Take a photo of your notes with the above details
23
• […]”
58. The same procedure is also described in the frequently asked questions section of the
web page, as provided by the defendant in the documents: “If you prefer not to have a photo
taken of your identity card for a registered letter, there are a number of
alternatives: […] You can also ask the postman for your full name and your
2 Document 24, BPost Synthesis conclusion without documents, marginal number 65.
22
Appendix 20240514_Communication about your file_bpost.pdf in document 8, Complainant Request for copy of file and hearing +
additional information, p. 1.
23Document 12 – Report team briefing Z of 18 October 2023.pdf which forms part of the conclusion of the answer of the
respondent. Decision on the merits 73/2025 — 15/19
identity card number to be noted on the absence message and to
take a photo of it.”
59. In this regard, the Disputes Chamber refers to the advice of the GBA to the minister on
the draft of the implementing Royal Decree:5
“After questioning, the applicant specifies the following in this regard:
‘Proof of correct delivery of the registered letter means that a signature and proof of identity
are collected from the addressee.
[…]
- Proof of identity:
• The postman uses the Mobi to take a
photo of the front of the identity card, with the permission of the recipient. If the
postman knows the recipient, only the name and first name are included in the Mobi. If the recipient does not agree to taking a photo of the front of the identity card, the postman will note the identity card number in the Mobi (or on the proof of delivery and will take a photo of it via the Mobi).’
• […]” . (emphasis by the Dispute Chamber)
60. Regarding this existing policy of the defendant, the Dispute Chamber notes that the
defendant assumes that it is up to the data subject to refuse excessive processing of
his personal data, before offering a more data protection-friendly
alternative. However, the Dispute Chamber points out that it is up to the controller to
apply the principle of minimum data processing in all cases.
61. The Dispute Chamber notes that the defendant does not opt for a means of evidence of which
only the surname, first name and photo are processed or does not take any technical or
organisational measure to prevent the processing of the excess of personal
data on the other evidence.
Conclusion
24 Document 16 – Extract page ‘Frequently asked questions’ identity card.pdf which forms part of the conclusion of the answer of
the defendant.
25
GBA, Advice no. 211/2021 of 16 November 2021, draft royal decree on postal services (CO-A-2021-
189), available at https://www.gegevensbeschermingsautoriteit.be/publications/advies-nr.-211-2021.pdf .
26 Ibid, paragraph 24. Decision on the merits 73/2025 — 16/19
62. In the present case, the Dispute Chamber finds that the processing of a copy of the
identity card is an infringement of the general principle of minimum data processing, one of the five core principles of the GDPR. The fact that the government has included this specific processing in the implementing decree is therefore not in accordance with this principle and must therefore be disregarded or resolved with adequate technical and organisational measures. Such an assessment by the
Dispute Resolution Chamber does not constitute a contra legem interpretation but rather an application of the
primacy of Union law in relation to a national provision that conflicts with it.
63. The Dispute Resolution Chamber finds that the defendant infringes Article 5.1.c) of the
GDPR by processing an excess of the complainant's personal data that is neither relevant
nor limited to what is necessary for the purpose of the processing as laid down in the
legal basis for this processing.
II.8. Storage limitation
64. According to the principle of storage limitation, laid down in Article 5.1.e) of the
GDPR, personal data may only be stored for as long as they are necessary for the
purposes for which they were processed. The implementing Royal Decree stipulates in Article 9, §1 that the
proof of identity verification is kept for 13 months by the postal service provider.
65. The defendant argues that applying a shorter period than provided for in the
implementing Royal Decree would constitute a shortcoming of the legal obligations that rest
on the defendant. It therefore keeps these proofs of identification safely and
for a period of 13 months, after which they are automatically deleted.
66. The Dispute Chamber notes that neither the regulations nor the defendant in its
defences provide an explanation as to why the retention period is set at 13 months. However, the retention period for the
proof of identification corresponds to the imposed retention period for the proof of dispatch.
67. Given the importance of registered mail and the purpose of processing the personal data, in particular the ability to provide proof of the identification of the recipient of a registered mail, and given that the retention period is explicitly stated in the regulations, the Dispute Resolution Chamber finds that the defendant does not infringe Article 5.1.e) of the GDPR. Decision on the merits 73/2025 — 17/19
II.9. The responsibility of the controller
68. In his complaint, the complainant accused the defendant of the fact that the defendant's employees were not
aware of the organisational measures or did not apply these organisational measures.
69. Given the above-mentioned problems concerning the minimum data processing
and the problematic policy of the defendant, whereby it expected the complainant to
oppose the excessive data processing before offering an alternative, the Dispute
Chamber does not consider it appropriate to go into this part of the complaint
further. However, this does not affect the fact that it is up to the defendant, where
necessary, to take measures to ensure full compliance with all obligations arising from the
GDPR and which fall under its responsibility.
III. Corrective measures and sanctions
70. According to the wording of Article 100.1 of the WOG, the Dispute
Chamber has the power to:
1° dismiss a complaint;
2° order that the prosecution be dismissed;
3° order a suspension of the judgment;
4° propose a settlement;
5° issue warnings and reprimands;
6° order that the data subject's requests to exercise his/her rights be complied with;
7° order that the data subject be informed of the security problem;
8° order that the processing be temporarily or definitively frozen, restricted or prohibited;
9° order that the processing be brought into compliance;
10° order the correction, restriction or erasure of data and the notification
thereof to the recipients of the data;
11° order the withdrawal of the recognition of certification bodies;
12° impose penalty payments;
13° impose administrative fines;
14° order the suspension of cross-border data flows to another State
or an international institution; Decision on the merits 73/2025 — 19/19
Such an appeal may be lodged by means of an inter partes application which must contain the information listed in Article 1034ter of the Judicial Code. The 27
inter partes application must be submitted to the registry of the Market Court
28
in accordance with Article 1034quinquies of the Judicial Code, or via the e-Deposit
information system of Justice (Article 32ter of the Judicial Code).
(Get). Hielke H IJMANS
Chairman of the Disputes Chamber
27
The application shall state, on penalty of nullity:
1° the day, month and year;
2° the surname, first name, place of residence of the applicant and, where applicable, his capacity and his national register or
company number;
3° the surname, first name, place of residence and, where appropriate, the capacity of the person to be summoned;
4° the subject and brief summary of the grounds of the action;
5° the judge before whom the action is brought;
6° the signature of the applicant or his lawyer.
28The application and its annex shall be sent, in as many copies as there are parties involved, by registered letter
to the clerk of the court or lodged at the registry.
- ↑ Royal Decree of March 14, 2022 on postal services.
- ↑ In this regard, the DPA referenced the Privacy International ruling of the CJEU. See CJEU, Case C- 623/17, Privacy International, 6 October 2020, margin number 68 (available here).
- ↑ Article 9 § 1: “In order to prove that the identity of the addressee or his proxy has indeed been verified, the postal service provider shall take a handwritten, photographic or electronic copy of the proof of identity or use any other means of proof it deems useful. The proof of delivery, of the verification of the identity and, if necessary, of the verification of the capacity of the proxy, shall be kept by the service provider for thirteen months”.
