Federale Overheidsdienst Financiën – Complaint Upheld (Belgium, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
On 18 December 2023, a data subject filed a complaint with the Belgian DPA (“APD”) against two controllers, regarding the storage and retention of personal data in a beneficial ownership register (“UBO register”). Two controllers were concerned: the first controller was the Federal Department of Finance who processed data in order to prevent money laundering and operated the modalities of the UBO register and the second controller was a company who had a legal obligation to declare a beneficial owner under Belgian law. From 13 July 2023 to 27 August 2023, the data subject was added as a beneficial owner for the second controller. He was informed of this registration in the UBO register on 13 July 2023. The data subject claimed that he was not a beneficial owner and that the registration was in error. On 10 August 2023, the data subject asked to be removed from the UBO register. The first controller confirmed that the data subject was no longer registered as a beneficial owner. On 24 November 2023, the second controller informed him that his personal data would be completely removed from the UBO register. The data subject considered that the second controller did not provide clear information as to how it was possible for him to be registered. Firstly, Article 5(1)(d) GDPR states that the controller must take all reasonable steps to ensure that the data is accurate and up-to date in view of the purposes for which they are processed. If the data is inaccurate, the controller must erase or rectify it. The APD considered that the first controller did in fact comply with this obligation since they informed the data subject by email that his data would be completely removed from the UBO registry so that his name would no longer appear in the history of changes. Secondly, under Article 13 GDPR, the controller must deliver certain information regarding the processing to the data subject. In this case, the APD considered that not all essential information was communicated
GDPR Articles Cited
On 18 December 2023, a data subject filed a complaint with the Belgian DPA (“APD”) against two controllers, regarding the storage and retention of personal data in a beneficial ownership register (“UBO register”). Two controllers were concerned: the first controller was the Federal Department of Finance who processed data in order to prevent money laundering and operated the modalities of the UBO register and the second controller was a company who had a legal obligation to declare a beneficial owner under Belgian law. From 13 July 2023 to 27 August 2023, the data subject was added as a beneficial owner for the second controller. He was informed of this registration in the UBO register on 13 July 2023. The data subject claimed that he was not a beneficial owner and that the registration was in error. On 10 August 2023, the data subject asked to be removed from the UBO register. The first controller confirmed that the data subject was no longer registered as a beneficial owner. On 24 November 2023, the second controller informed him that his personal data would be completely removed from the UBO register. The data subject considered that the second controller did not provide clear information as to how it was possible for him to be registered. Firstly, Article 5(1)(d) GDPR states that the controller must take all reasonable steps to ensure that the data is accurate and up-to date in view of the purposes for which they are processed. If the data is inaccurate, the controller must erase or rectify it. The APD considered that the first controller did in fact comply with this obligation since they informed the data subject by email that his data would be completely removed from the UBO registry so that his name would no longer appear in the history of changes. Secondly, under Article 13 GDPR, the controller must deliver certain information regarding the processing to the data subject. In this case, the APD considered that not all essential information was communicated
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Federale Overheidsdienst Financiën in BE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Federale Overheidsdienst Financiën - Belgium (2024). Retrieved from cookiefines.eu
Last updated: