Brussels Airport Charleroi – €100,000 Fine (Belgium, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Brussels Airport Charleroi was fined EUR 100,000 for using thermal cameras to check travelers' temperatures without proper legal grounds. The airport didn't have a clear law allowing them to collect sensitive health data like body temperature. This case highlights the need for clear legal backing when handling sensitive data.
What happened
Brussels Airport Charleroi used thermal cameras to monitor travelers' temperatures without a valid legal basis.
Who was affected
Travelers at Brussels Airport Charleroi who had their temperatures checked and were asked about coronavirus symptoms.
What the authority found
The Belgian DPA found that the airport lacked a valid legal basis for processing sensitive health data, violating GDPR rules.
Why this matters
This case emphasizes that even during health crises, organizations must ensure they have a clear legal basis for processing sensitive data. Businesses should review their data practices to ensure compliance with privacy laws.
GDPR Articles Cited
The Belgian DPA has fined Brussels Airport Charleroi EUR 100,000. The DPA had launched an investigation against the airport following media reports about temperature monitoring of persons at the airport. Due to the Covid-19 pandemic the airport used thermal imaging cameras to filter out people with body temperatures above 38 degrees. Those filtered out were then required to answer questions about possible coronavirus symptoms. The DPA particularly noted that the airport did not have a valid legal basis for processing this health data. Health data constitute sensitive data according to Art. 9 GDPR. These may only be processed in exceptional cases pursuant to Art. 9 (2) GDPR. One such exceptional case is processing on the grounds of public interest in the area of public health. For this, however, the processing must be based on a clear legal norm. In the present case, the processing was based on a protocol which did not meet these requirements. In addition, the DPA found deficiencies in the data protection impact assessment. Moreover, the airport failed to properly inform the data subjects about the processing of the data.
Related Enforcement Actions (0)
No other enforcement actions found for Brussels Airport Charleroi in BE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
4 April 2022
Authority
Autorité de Protection des Données
Fine Amount
€100,000
Enforcement Tracker ID
ETid-1117
About this data
Cite as: Cookie Fines. Brussels Airport Charleroi - Belgium (2022). Retrieved from cookiefines.eu
Last updated: