Ambuce Rescue Team – €20,000 Fine (Belgium, 2022)

€20,000Autorité de Protection des Données4 April 2022Belgium
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Ambuce Rescue Team was fined EUR 20,000 for improperly handling health questionnaires at Belgian airports. They didn't have a legal basis to collect sensitive health data from travelers. This case stresses the need for clear legal grounds when processing sensitive information.

What happened

Ambuce Rescue Team collected health data from travelers without a valid legal basis.

Who was affected

Travelers at Belgian airports who were asked to fill out health questionnaires.

What the authority found

The Belgian DPA found that Ambuce Rescue Team lacked a valid legal basis for processing sensitive health data, violating GDPR rules.

Why this matters

This ruling highlights the importance of having a clear legal framework for processing sensitive data, especially in health-related contexts. Companies must ensure compliance with privacy laws when handling such information.

GDPR Articles Cited

Art. 5(GDPR)
Art. 6(GDPR)
Art. 9(GDPR)
Belgium enforcementAutorité de Protection des Données actionsAll Ambuce Rescue Team actions
Full Legal Summary
Detailed

The Belgian DPA has fined Ambuce Rescue Team EUR 20,000. The fine is related to the fines against Brussels Airport Charleroi and Brussels Airport Zaventem. Due to the Covid 19 pandemic, the airports used thermal imaging cameras to filter out people with body temperatures above 38 degrees. Those filtered out were then asked to answer questions about possible coronavirus symptoms. In this process, Ambuce Rescue Team provided the questionnaires. Specifically, the DPA found that there was no valid legal basis for processing this health data. Health data are sensitive data in the sense of Art. 9 GDPR. These may only be processed in exceptional cases pursuant to Art. 9 (2) GDPR. One such exceptional case is processing on the grounds of public interest in the area of public health. For this, however, the processing must be based on a clear legal norm. In the cases at hand, the processing was based on a protocol that did not meet these requirements.

Related Enforcement Actions (0)

No other enforcement actions found for Ambuce Rescue Team in BE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

4 April 2022

Authority

Autorité de Protection des Données

Fine Amount

€20,000

Enforcement Tracker ID

ETid-1118

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Ambuce Rescue Team - Belgium (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: