Merchant – €10,000 Fine (Belgium, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Belgian merchant was fined for trying to use electronic ID cards to create customer cards, accessing more personal data than necessary. This matters because it underscores the need to limit data collection to what's truly needed. Companies should ensure they only collect essential information from customers.
What happened
A merchant attempted to use electronic ID cards to gather excessive personal data for customer cards.
Who was affected
Individuals whose personal data on their electronic ID cards was accessed unnecessarily.
What the authority found
The Belgian authority found that the merchant collected more personal data than necessary, violating GDPR's data minimization principle.
Why this matters
This case serves as a warning to businesses to limit data collection to what is strictly necessary. It reinforces the importance of adhering to data minimization principles to comply with privacy laws.
GDPR Articles Cited
The Belgian data protection authority has imposed a fine of 10,000 euros on a merchant who wanted to use an electronic identity card (eID) to create a customer card. The DPA's investigation revealed that the merchant required access to personal data located on the eID, including the photo and barcode which is linked to the data subject's identification number. In the meantime, the decision of the data protection authority has been annulled by a court: link
Related Enforcement Actions (0)
No other enforcement actions found for Merchant in BE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
17 September 2019
Authority
Autorité de Protection des Données
Fine Amount
€10,000
Enforcement Tracker ID
ETid-80
About this data
Cite as: Cookie Fines. Merchant - Belgium (2019). Retrieved from cookiefines.eu
Last updated: