APD/GBA - DOS-2019-01356
|APD/GBA - DOS-2019-01356|
|Relevant Law:||Article 4(11) GDPR|
|National Case Number:||DOS-2019-01356|
|European Case Law Identifier:||n/a|
|Appeal:||Cour des marchés de la cour d'appel de Bruxelles (Belgium)|
French and Dutch
|Original Sources:||GBA (in NL)|
The APD/GBA fined € 15.000 for cookies placed without prior consent.
English Summary[edit | edit source]
Facts[edit | edit source]
The ADP/GBA conducted investigations into a webpage for violations of Article 6(1)(a), 12 and 13 GDPR.
Holding[edit | edit source]
After having conducted investigations, the GBA submitted a report in June 2019 regarding several violations:
- The policies did not contain transparent information regarding the data subject’s rights and their exercise. Thus, the GBA considered that the company violated Article 12 GDPR.
- The company did not provide information regarding the legal basis for the processing, the data subject's rights nor the retention period, and was, thus, in breach of Article 13 GDPR.
Following this report, the GBA issued a decision confirming that the company did infringe the national law implementing the ePrivacy Directive and the GDPR on the grounds mentioned above. As a consequence, the GBA fined the company € 15.000.
Comment[edit | edit source]
Several in-depth commentaries of the decision are available in English:
- You may need a new DPO, according to the Belgian Data Protection Authority
- Belgium – Can a “head of” act as a data protection officer?
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Dutch original. Please refer to the French or Dutch original for more details.