Belgian Municipality – Violation Found (Belgium, 2025)
A Belgian municipality faced scrutiny from the data protection authority for sending promotional emails without a valid legal basis. The mayor used his official email to promote a book to 992 recipients, which raised concerns about how personal data was handled. This situation illustrates the need for public officials to follow data protection rules when using their professional communications.
What happened
The mayor of a Belgian municipality sent promotional emails using his official email without a valid legal basis for processing the recipients' data.
Who was affected
The 992 recipients of the promotional email were affected by the lack of proper data processing practices.
What the authority found
The authority found that the mayor violated GDPR rules by not having a valid legal basis for the email communications.
Why this matters
This case highlights that public officials must adhere to data protection laws, reinforcing the importance of compliance in all communications.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
The defendant is the mayor of a municipality that sent an email promoting the release of his new book that he co-authored. The email in question was sent using his professional email address and was sent to in total 992 recipients through the ‘functional mailing group’ database of the municipality. The recipients can be divided into different groups namely, external contacts, personal contacts and internal contacts. It is important to note that from November 2023 until December 2024, the DPO of the municipality was also the communication expert. The email in question was sent during this period. In April 2024, a candidate for alderman in the same municipality submitted a complaint to the DPA. Pursuant to the complaint, the case was referred to the Dispute Chamber, entailing the involvement of the Dispute Resolution Chamber. On December 4th 2024, the complainant withdrew his complaint stating that his motivations were partly politically based on the contextual setting before the submission of the complaint, referring to his election as alderman after the complaint was filed. Shortly after, the Dispute Resolution Chamber of the DPA closed the file pertaining to the complaint but decided to pursue the case. The DPA’s Resolution Chamber investigated and found violations that can be grouped in three categories. Firstly, the DPA found a violation of Article 5(1)(a) and Article 6(1) by the mayor because of the lack of valid legal basis for the further processing he performed on the data sets of the municipality. Initially, the contact details of the recipients were collected by the municipality for public interest purposes. The mayor was deemed a separate controller for the ‘further processing’ under Article 6(4), which requires an assessment of compatibility between the initial purpose of collection and the subsequent processing. The DPA concluded that the initial purpose and the further processing purpose are not compatible given the political and hierarchical re
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Belgian Municipality in BE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Belgian Municipality - Belgium (2025). Retrieved from cookiefines.eu
Last updated: