An unnamed telecom provider – Court Ruling (Belgium, 2025)

Court Ruling
Autorité de Protection des Données22 January 2025Belgium
final
Court Ruling

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Belgian telecom provider took too long to respond to a customer's request for access to their personal data. After 14 months, the company finally replied, but the delay led to a court case. This ruling emphasizes the need for companies to respond quickly to data access requests.

What happened

A telecom provider failed to respond to a customer's access request under GDPR for 14 months.

Who was affected

The customer who filed a complaint about the delayed response to their data access request.

What the authority found

The Belgian Court reduced the initial fine against the telecom provider, stating the delay was an isolated incident and did not cause harm.

Why this matters

This case highlights the importance of timely responses to data access requests. Companies should improve their procedures to avoid delays and potential legal issues.

GDPR Articles Cited

AI-verified

Art. 15(GDPR)
View original scraped data
Art. 15(GDPR)

Original data from scraper before AI verification against source document.

Decision AuthorityCourt of Appeal of Brussels (Belgium)
Reviewed AuthorityAPD/GBA (Belgium)
Source verified 19 March 2026
amount discrepancy
authority corrected
Belgium enforcementAutorité de Protection des Données actionsAll An unnamed telecom provider actions
Full Legal Summary
Detailed

A customer (the data subject) filed a complaint against their telecom provider (the controller) after it failed to respond to their access request under Article 15 GDPR. The controller eventually responded to the request 14 months later, when the complaint was already pending. The Belgian DPA fined the controller €100,000 for violating Article 15 GDPR. The controller challenged the fine before the Belgian Court of Appeals. The Court reformed the DPAs decision and reduced the amount of the fine to €5,000. The Court found that the original €100,000 fine was disproportionate for a number of reasons: * the infraction was an isolated incident, affected a single data subject, and did not involve special categories of data; * the controller had no history of violating the GDPR; * the infraction caused no damage to the data subject but only mere inconvenience: * the infraction was not intentional; * the controller collaborated with the DPA during the investigation and implemented better procedures for handling access requests after the complaint was filed.

Outcome

Court Ruling

A ruling by a national court on a data-protection matter.

Related Cases (0)

No other cases found for An unnamed telecom provider in BE

This is the only recorded case for this entity in this jurisdiction.

Details

Ruling Date

22 January 2025

Authority

Autorité de Protection des Données

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. An unnamed telecom provider - Belgium (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: