Federale Overheidsdienst Financiën – Complaint Upheld (Belgium, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Belgium's data protection authority found that the Federal Department of Finance correctly removed a person's name from a beneficial ownership register after they claimed it was a mistake. However, the authority said the second controller did not provide enough information about how the person was registered in the first place. This matters because it highlights the importance of clear communication when handling personal data.
What happened
The Belgian data protection authority upheld a complaint regarding unclear communication about a person's registration in a beneficial ownership register.
Who was affected
The person who was mistakenly registered as a beneficial owner in the UBO register was affected.
What the authority found
The authority ruled that while the first controller acted correctly by removing the person's data, the second controller failed to provide clear information about the registration process, violating GDPR's requirement for transparency.
Why this matters
This case emphasizes the need for companies to provide clear and accurate information when processing personal data. It serves as a reminder for businesses to ensure transparency in their data handling practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
On 18 December 2023, a data subject filed a complaint with the Belgian DPA (“APD”) against two controllers, regarding the storage and retention of personal data in a beneficial ownership register (“UBO register”). Two controllers were concerned: the first controller was the Federal Department of Finance who processed data in order to prevent money laundering and operated the modalities of the UBO register and the second controller was a company who had a legal obligation to declare a beneficial owner under Belgian law. From 13 July 2023 to 27 August 2023, the data subject was added as a beneficial owner for the second controller. He was informed of this registration in the UBO register on 13 July 2023. The data subject claimed that he was not a beneficial owner and that the registration was in error. On 10 August 2023, the data subject asked to be removed from the UBO register. The first controller confirmed that the data subject was no longer registered as a beneficial owner. On 24 November 2023, the second controller informed him that his personal data would be completely removed from the UBO register. The data subject considered that the second controller did not provide clear information as to how it was possible for him to be registered. Firstly, Article 5(1)(d) GDPR states that the controller must take all reasonable steps to ensure that the data is accurate and up-to date in view of the purposes for which they are processed. If the data is inaccurate, the controller must erase or rectify it. The APD considered that the first controller did in fact comply with this obligation since they informed the data subject by email that his data would be completely removed from the UBO registry so that his name would no longer appear in the history of changes. Secondly, under Article 13 GDPR, the controller must deliver certain information regarding the processing to the data subject. In this case, the APD considered that not all essential information was communicated
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Federale Overheidsdienst Financiën in BE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Federale Overheidsdienst Financiën - Belgium (2024). Retrieved from cookiefines.eu
Last updated: