Proximus N.V. – Court Ruling (Belgium, 2021)

In this case Proximus had failed to grant a woman's right of erasure of her personal data and had passed the data on to other telephone directories and directory enquiry services even after receiving several complaints and correspondence from the data subject. On request of the data subject, Proximus had changed the code linked to the data subject's data from 'visible' to 'confidential'. After adjusting the code regarding publication, Proximus received new contact details of the person concerned from her operator, as a result of which the data in the underlying database was automatically overwritten with the new data from the operator. The Belgian DPA imposed a fine of €20,000 on the defendant defendant for infringement of Articles 6, 7 and 12 of the GDPR. In the contested decision, the Belgian DPA found the infringement of Article 6, 7, 12, 13 and 24 GDPR sufficiently proven. In addition, the DPA ordered the defendant to cease any further disclosure of personal data of subscribers to third parties of telephone directory or inquiry services when Proximus acquired these data only as a provider of telephone directories and directory enquiry services, taking into account a transition period in order to give Proximus (and the telecommunications sector in a broader context) the opportunity to develop a new privacy compliant system. With regard to the question of whether consent is required to be included in telephone directories or not and what scope of this consent is, the Court of Appeal also considered that: 1° In situations where the e-Privacy Directive specifies the rules laid down in the GDPR, these specific provisions of the e-Privacy Directive as lex specialis prevail over the more general provisions of the GDPR. (principle of Lex specialis derogate legi generali) 2° Article 12(1) and recital 38 of the ePrivacy Directive refer to the requirement of informed consent within the meaning of Directive 95/46/EG of subscribers for being included in public directorie