Gegevensbeschermingsautoriteit – Court Ruling (Belgium, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Belgian court upheld the decision of the data protection authority to dismiss a complaint about unauthorized access to professional mailboxes. The court agreed that the complaint was part of a broader trade union dispute and not within the authority's scope. This case illustrates the limits of data protection authorities in handling disputes linked to other legal issues.
What happened
The Belgian data protection authority dismissed a complaint about unauthorized access to professional mailboxes.
Who was affected
The complainants whose professional mailboxes were accessed without their consent.
What the authority found
The court agreed with the data protection authority's decision to dismiss the complaint, citing its independence and discretion under GDPR to decide on such matters.
Why this matters
This case shows that data protection authorities have discretion in deciding which complaints to pursue, especially when they overlap with other legal disputes. It highlights the importance of understanding the scope and limits of privacy laws in complex cases.
GDPR Articles Cited
National Law Articles
on 21 April 2022, the complainants filed a complaint with the data protection authority alleging the unlawful consultation of their professional mailboxes by the DPO of defendant when investigating the leak of an internal mail to a trade union organization, ACV. The complainants state that they were not aware of this processing and that it should not have happened without their consent. The disputes chamber has dismissed the complaint on the grounds of (i) the absence of a high risk within the meaning of Article 35.5 GDPR and (ii) the fact that the present complaint is only a side dispute that is part of a broader trade union dispute for which it is not competent . When appealing against the decision of the litigation chamber, the complainants rely on the following defenses: (i) violation of the dismissal policy of the litigation chamber; (ii) violation of the right to participate during the pre-litigation phase and ask the court to annul the contested decision and order the data protection authority to pay the costs of the proceedings. Regarding the motivation of the dismissal, the litigation chamber admits that due to a technical error, the contested decision once refers incorrectly to a 'technical dismissal', while it is clear that they mean a dismissal for reasons of expediency, since the litigation chamber considers a hearing on the merits undesirable and refers to 3.2.1. of the dismissal policy that deals with the dismissal for reasons of expediency. The court follows the reasoning of the DPA and dismisses this part of the complaint. the Court of Appeal refers within this framework to an earlier judgment that the DPA, as a supervisory authority, is completely independent under Article 52 GDPR in the performance of the tasks and powers entrusted to it and, as a result, has a discretionary power to decide whether or not to dismiss a complaint. With regard to violating the adversarial debate, the law establishing the data protection authority makes a clear dist
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Gegevensbeschermingsautoriteit in BE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Gegevensbeschermingsautoriteit - Belgium (2023). Retrieved from cookiefines.eu
Last updated: