Belgian Municipality – Violation Found (Belgium, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Belgian municipality's mayor was found to have violated privacy rules by sending promotional emails without a valid legal basis. This ruling is significant because it shows that even public officials must follow data protection laws. Local governments and organizations should ensure they have the right reasons to process personal data.
What happened
The mayor sent promotional emails to nearly 1,000 recipients without a valid legal basis for processing their data.
Who was affected
Recipients of the promotional emails sent by the mayor were affected.
What the authority found
The Belgian Data Protection Authority found that the mayor lacked a valid legal basis for the email promotions, violating privacy rules.
Why this matters
This case highlights that all organizations, including public entities, must comply with data protection laws. It reinforces the need for proper legal grounds when processing personal data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
The defendant is the mayor of a municipality that sent an email promoting the release of his new book that he co-authored. The email in question was sent using his professional email address and was sent to in total 992 recipients through the ‘functional mailing group’ database of the municipality. The recipients can be divided into different groups namely, external contacts, personal contacts and internal contacts. It is important to note that from November 2023 until December 2024, the DPO of the municipality was also the communication expert. The email in question was sent during this period. In April 2024, a candidate for alderman in the same municipality submitted a complaint to the DPA. Pursuant to the complaint, the case was referred to the Dispute Chamber, entailing the involvement of the Dispute Resolution Chamber. On December 4th 2024, the complainant withdrew his complaint stating that his motivations were partly politically based on the contextual setting before the submission of the complaint, referring to his election as alderman after the complaint was filed. Shortly after, the Dispute Resolution Chamber of the DPA closed the file pertaining to the complaint but decided to pursue the case. The DPA’s Resolution Chamber investigated and found violations that can be grouped in three categories. Firstly, the DPA found a violation of Article 5(1)(a) and Article 6(1) by the mayor because of the lack of valid legal basis for the further processing he performed on the data sets of the municipality. Initially, the contact details of the recipients were collected by the municipality for public interest purposes. The mayor was deemed a separate controller for the ‘further processing’ under Article 6(4), which requires an assessment of compatibility between the initial purpose of collection and the subsequent processing. The DPA concluded that the initial purpose and the further processing purpose are not compatible given the political and hierarchical re
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Belgian Municipality in BE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Belgian Municipality - Belgium (2025). Retrieved from cookiefines.eu
Last updated: