Redacted – Complaint Upheld (Belgium, 2022)

On 4 September 2021, and again on 19 September 2021, the data subject contacted the controller requesting erasure of her personal data under Article 17 GDPR. On 21 September 2021, the controller confirmed the deletion, as required by Article 12(3) and (4) GDPR. However, the complainant found that her name still appeared on the controller's website. On 21 October 2021 the data subject filed a complaint with the Slovak DPA (Office for Personal Data Protection of the Slovak Republic - UOOU). It referred the case to the Belgian DPA (Belgian Data Protection Authority - APD/GBA) which on 23 November 2021 confirmed that it would act as Lead Supervisory Authority (LSA). During the proceedings the following supervisory authorities confirmed that they would act as Concerned Supervisory Authorities (CSA) next to the Slovak DPA: Ireland (Irish Data Protection Commissioner -DPC), Sweden (Integritetsskyddsmyndigheten - IMY), Estonia (Estonian Data Protection Inspectorate - AKI) and Italy (Garante per la protezione dei dati personali). Under Article 60 GDPR the Belgian DPA (LSA) and other concerned authorities ordered the controller to comply with a data subject's request to erasure according to Article 58(2)(c) GDPR. Based on the documents supporting the complaint, the Beglian DPA found that controller did not comply with the data subject's request to erasure under Article 17(1) GDPR, as the data subject's name was still listed on the data controller's website.