CIBES vs Vivalia โ Court Ruling (Belgium, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Belgian Council of State suspended a hospital network's decision to award a data processing contract to a company with questionable data transfer practices. The ruling emphasizes the need for public bodies to ensure data protection compliance before awarding contracts. This case is a reminder for organizations to verify data handling practices of their partners.
What happened
The Council of State suspended VIVALIA's contract award to 3M Belgium due to concerns over data transfer practices.
Who was affected
Patients whose data was to be processed by the contractor chosen by VIVALIA.
What the authority found
The Council of State ruled that VIVALIA must ensure that any awarded contract complies with GDPR data protection standards.
Why this matters
This decision highlights the responsibility of public authorities to thoroughly vet contractors for GDPR compliance, especially regarding international data transfers. It serves as a cautionary tale for organizations to scrutinize their partners' data protection measures.
GDPR Articles Cited
VIVALIA, a public network of hospitals, launched a call for proposals to find a contractor to process patient data of hospitals for statistical purposes. The public contract was awarded to 3M Belgium, a Belgian company that had been in the news for allegedly transferring data to the US and Russia without appropriate safeguards. On this basis, a spin-off of the UC Louvain (CIBES), which also took part in the public procurement procedure, challenged VIVALIA's decision before the Council of State. The Council of State considered that, before awarding a public contract, the public authority ought to make the necessary verifications regarding the submitted proposals and to correctly motivate the reasons why it could consider that the selected proposal presented the "sufficient guarantees" to consider that the entrusted data and information would be processed in compliance with the GDPR. The decision to award the contract was suspended, without the Council of State examining whether or not the two bidders (CIBES & 3M) complied with the GDPR.
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for CIBES vs Vivalia in BE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. CIBES vs Vivalia - Belgium (2022). Retrieved from cookiefines.eu
Last updated: