Liquor store – Court Ruling (Belgium, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Belgian court annulled a decision by the data protection authority against a liquor store for scanning customer IDs. The court found the authority's decision was not well-reasoned and based on outdated laws. This case shows that businesses should ensure their data practices comply with current laws and that authorities must provide clear reasoning for their decisions.
What happened
The court annulled the data protection authority's decision against a liquor store for scanning customer IDs.
Who was affected
Customers of the liquor store who were required to have their electronic IDs scanned.
What the authority found
The court found that the data protection authority's decision was insufficiently reasoned and based on outdated legislation.
Why this matters
This ruling highlights the importance of clear legal reasoning in enforcement actions and reminds businesses to stay updated on current data protection laws.
GDPR Articles Cited
In August 2018, the DPA received a complaint from a customer (the data subject) regarding a liquor store (the controller). According to the complaint, the store had required this person to let them scan their electronic ID in order to issue a customer card.
After an investigation, the DPA concluded that the controller had breached the GDPR. More specifically, according to the DPA the controller:
1. Did not have a valid legal basis for processing. Consent was not freely given because no alternative was offered to the complainant, in violation of Article 6(1) GDPR;
2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR;
3. Processed more personal data than necessary, including national ID number, date of birth and gender, in violation of Article 5(1)(c) GDPR.
The appeal against the DPA's decision was based on 9 points, among which was the claim that the DPA violated Article 52(1), Article 54(2) and Article 82(2) GDPR. Most importantly, the controller challenged two of the three findings of the DPA, which had led to the fine: the absence of a valid legal basis for personal data processing and the breach of the data minimization principle. They did not contest the lack of information.
The Court annulled the DPA’s decision as it was insufficiently reasoned and based on legislation that was not applicable at the time of the complaint. The Court did not have the power to order the DPA to pay back the fine, as that falls outside of its jurisdiction, but it did quash the decision imposing the fine.
The Court held that, first, the DPA had no evidence to support the finding that the controller was actually processing the national ID number of the data subject. Second, the controller was not obliged to give the data subject an alternative way of creating a discount card because the relevant provision of the e-ID law was not applicable at the time. Thirdly, the Court found that no personal data processing took
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (1)
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
Related Cases (0)
No other cases found for Liquor store in BE
This is the only recorded case for this entity in this jurisdiction.
About this data
Cite as: Cookie Fines. Liquor store - Belgium (2020). Retrieved from cookiefines.eu