Brussels Airport Zaventem – €200,000 Fine (Belgium, 2022)

€200,000Autorité de Protection des Données4 April 2022Belgium
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Brussels Airport Zaventem was fined €200,000 for using thermal cameras to monitor passengers' temperatures without proper legal backing. The Belgian Data Protection Authority found that the airport did not adequately inform passengers or have a valid legal reason for processing their health data. This case emphasizes the need for clear legal grounds when handling sensitive information.

What happened

Brussels Airport Zaventem used thermal cameras to monitor passengers' temperatures without a valid legal basis.

Who was affected

Passengers at Brussels Airport Zaventem who were subject to temperature checks and health data processing.

What the authority found

The Belgian Data Protection Authority determined that the airport lacked a valid legal basis for processing health data, violating GDPR requirements.

Why this matters

This decision reinforces the necessity for businesses to establish a clear legal basis for processing sensitive data, particularly in health-related situations. It also highlights the importance of transparency with individuals about data processing activities.

GDPR Articles Cited

AI-verified

Art. 12 GDPR
Art. 5(1)(c) GDPR
Art. 6(1)(e) GDPR
Art. 9(2)(g) GDPR
Art. 13(1)(c) GDPR
Art. 13(2)(e) GDPR
Art. 35(1) GDPR
Art. 35(3) GDPR
Art. 35(7)(b) GDPR
View original scraped data
Art. 5(1)(c) GDPR
Art. 6(1)(e) GDPR
Art. 9(2)(g) GDPR
Art. 12 GDPR
Art. 13(1)(c) GDPR
Art. 13(2)(e) GDPR
Art. 35(1) GDPR
(3)
(7) b) GDPR

Original data from scraper before AI verification against source document.

Entities Involved

Brussels Airport Company SA
€200,000
(controller)
Ambuce Rescue Team SA0(processor)
Source verified 6 March 2026
entity split needed
Belgium enforcementAutorité de Protection des Données actionsAll Brussels Airport Zaventem actions
Full Legal Summary
Detailed

The Belgian DPA has fined Brussels Airport Zaventem EUR 200,000. The DPA had launched an investigation against the airport following media reports about temperature monitoring of persons at the airport. Due to the Covid-19 pandemic the airport used thermal imaging cameras to filter out people with body temperatures above 38 degrees. Those filtered out were then required to answer questions about possible coronavirus symptoms. The DPA particularly noted that the airport did not have a valid legal basis for processing this health data. Health data constitute sensitive data according to Art. 9 GDPR. These may only be processed in exceptional cases pursuant to Art. 9 (2) GDPR. One such exceptional case is processing on the grounds of public interest in the area of public health. For this, however, the processing must be based on a clear legal norm. In the present case, the processing was based on a protocol which did not meet these requirements. In addition, the DPA found deficiencies in the data protection impact assessment. Moreover, the airport failed to properly inform the data subjects about the processing of the data.

Related Enforcement Actions (0)

No other enforcement actions found for Brussels Airport Zaventem in BE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

4 April 2022

Authority

Autorité de Protection des Données

Fine Amount

€200,000

Enforcement Tracker ID

ETid-1116

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Brussels Airport Zaventem - Belgium (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: