Unknown – €25,000 Fine (Belgium, 2021)

€25,000Autorité de Protection des Données22 January 2021Belgium
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Belgian mobile operator was fined EUR 25,000 for mistakenly giving a customer's phone number to someone else. This mistake allowed the third party to access the customer's personal data and accounts. This case is important because it shows how serious the consequences can be if companies don't protect customer data properly.

What happened

A mobile operator assigned a customer's phone number to an unauthorized person, leading to data exposure.

Who was affected

A mobile phone customer who lost access to their number and personal accounts.

What the authority found

The Belgian DPA fined the mobile operator for failing to protect the customer's data, violating GDPR's security and accountability requirements.

Why this matters

This fine emphasizes the importance of safeguarding customer data and the risks of data breaches. Companies should review their procedures to prevent unauthorized access to personal information.

GDPR Articles Cited

Art. 24 GDPR
Art. 32 GDPR
Art. 5(1)(f) GDPR
Art. 33(1) GDPR
Art. 34(1) GDPR
Belgium enforcementAutorité de Protection des Données actionsAll Unknown actions
Full Legal Summary
Detailed

The Belgian DPA fined a mobile operator EUR 25,000. The controller had assigned the data subject's phone number to an unauthorized third party, causing the data subject to lose access to his/her phone number. As the SIM card of the data subject had been deactivated, that would have allowed the third party to access various personal data of the data subject in the period between September 16 and September 19, 2019, such as call history and accounts of various services (e.g. Paypal, WhatsApp and Facebook) associated with the number.

Related Enforcement Actions (4)

Other enforcement actions involving Unknown in BE

Fine
Jun 2020· Autorité de Protection des Données

The data subject repeatedly received e-mails with advertising content from a company, although the data subject had objected to the processing of his ...

€1K
Fine
Dec 2020· Autorité de Protection des Données

The Belgian DPA (APD) imposed a fine of EUR 15,000 on a company due to insufficient fulfilment of data subject rights. The controller is a debt collec...

€15K
Fine
Dec 2020· Autorité de Protection des Données

The Belgian DPA (APD) imposed a fine of EUR 50,000 on a company for several violations of the GDPR. The controller is a company that carries out parki...

€50K
Current
Jan 2021

Fine

€25K

Fine
Dec 2021· Autorité de Protection des Données

The Belgian DPA has imposed a fine of EUR 10,000 against a company. The data subject had repeatedly received mail with advertising content from a comp...

€10K

Details

Fine Date

22 January 2021

Authority

Autorité de Protection des Données

Fine Amount

€25,000

Enforcement Tracker ID

ETid-533

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Unknown - Belgium (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: