The Federal Public Service (FPS) Health, Food Chain Safety and Environment – Court Ruling (Belgium, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Belgian DPA reprimanded the FPS Health for not responding to a healthcare professional's data access request. The FPS failed to establish proper internal procedures to handle such requests, violating GDPR standards. This case emphasizes the importance of having clear procedures for data access requests.
What happened
The FPS Health did not respond to a healthcare professional's request to access data about their appointment withdrawal.
Who was affected
A healthcare professional whose appointment as a deputy member of a medical commission was withdrawn.
What the authority found
The DPA found that FPS Health failed to comply with GDPR by not having proper procedures for handling data access requests.
Why this matters
This case underlines the necessity for organizations to establish and maintain robust procedures for managing data access requests, ensuring compliance with GDPR's accountability standards.
GDPR Articles Cited
The appealed decision concerns a healthcare professional (data subject) whose appointment as a deputy member of PGC Limburg (Provinciale Geneeskundige Commissie van Limburg) was withdrawn by a decision correcting his previous appointment. The data subject submitted an access request at the FPS Public Health (controller) to figure out why his appointment was withdrawn. With no response from the FPS Public Health, he filed a first complaint with the Belgian DPA. In October 2018, the DPA ordered the FPS Public Health to respond to the data subject's request, but the FPS did not comply. The data subject then filed a second complaint in 2019. The DPA found that the FPS had not established internal procedures in compliance with the GDPR's standards. In doing so, the FPS Public Health also failed to comply with the principle of accountability (Article 5(2) GDPR). The DPA noted that the FPS acknowledged these facts and stated that there were problems with its internal procedures. The DPA decided to reprimand the FPS for its violations. Additionally, the DPA held that the FPS must implement internal procedures in line with the GPDR. In the appeal procedure, the FPS argues that: 1. the complaint has become devoid of all purpose 2. the DPA interprets the right to access to broad, violating Article 15 GDPR; 3. there was no violation of Article 12(3) and 12(4) GDPR, as it has a procedure in place to handle these requests; and 4. the DPA exceeded the limits of its competence, as the decision was based on violations that were not stated by the data subject. The Court of Appeal of Brussels held that, while the purpose of the complaint deviates from that of the appealed decision, the DPA can, on its own initiative, investigate the controller after a complaint. The Court found no trace of the FPS's alleged statement that it commited any kind of error in the record of the proceedings. However this was indicated by the DPA and, moreover, used to substantiate its decision. The Co
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for The Federal Public Service (FPS) Health, Food Chain Safety and Environment in BE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. The Federal Public Service (FPS) Health, Food Chain Safety and Environment - Belgium (2019). Retrieved from cookiefines.eu
Last updated: