A company associate (plaintiff) – Complaint Upheld (Belgium, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
In Belgium, a notary mistakenly published unnecessary personal data in a legal journal, and the Belgian DPA upheld a complaint against the federal service responsible for the publication. The DPA ruled that even legally required publications must not include unnecessary personal data. This case stresses the need for careful handling of personal data even in mandatory disclosures.
What happened
A notary published unnecessary personal data in a legal journal, and the Belgian DPA upheld a complaint against the federal service responsible.
Who was affected
The associate of a company whose personal data was unnecessarily published in the Belgian State Journal.
What the authority found
The Belgian DPA ruled that the federal service could not justify the unnecessary publication of personal data, even if it was part of a legal obligation.
Why this matters
This decision emphasizes that even when publishing data is legally required, organizations must ensure that only necessary information is disclosed. It serves as a reminder to businesses and legal professionals to carefully review data disclosures to comply with privacy laws.
GDPR Articles Cited
National Law Articles
Entities Involved
The plaintiff, an associate in a limited company, had decided with their co-associate to reduce their company's capital, for which a publication in the Belgian State Journal (Moniteur belge) is an obligation under the Belgian corporate law. The notary mandated by the associates to do the publication in their name not only informed about the reduction of capital but also mistakenly indicated the amount reimbursed to the associates as well as their personal bank account number. The plaintiff asked the notary to proceed to the erasure of these complementary and in their eyes unnecessary information. Following this, the notary requested that the Belgian federal public service (SPF, the defendant), responsible for the journal, erased the plaintiff's data of whom he acted on behalf of. The request was met with a refusal, the SPF mostly arguing that whatever the data published, since they were linked to publication required by the law, they could not be erased. After further exchanges and with the SPF still refusing to erase the concerned data, the plaintiff lodged a complaint with the Belgian DPA, mainly claiming that the SPF had no actual legal basis pursuant to Article 6 GDPR for processing the litigious data. Can a legal obligation under national law justify the processing of data that may be unnecessary for the intended purposes of the processing? Before giving its decision on the question in dispute, the Belgian DPA reminded the defendant that the plaintiff's notary's mistake of publishing unnecessary data, was no reason for justifying that the defendant should not be held liable for a possible unlawful processing, as the SPF argued. A data controller always being accountable for the data they process, no matter in what way obtained, the liability of the defendant could indeed also be sought in this case. Thereupon, the DPA states that even if the publication was an obligation under the applicable corporate law and the data processing herewith found its legal
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for A company associate (plaintiff) in BE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. A company associate (plaintiff) - Belgium (2021). Retrieved from cookiefines.eu
Last updated: