Privacy Blog
BELGIAN DPA IMPOSES €20.000 FINE ON PROXIMUS FOR SEVERAL DATA PROTECTION INFRINGEMENTS
21.08.2020
The Belgian DPA imposed a fine of 20.000 EUR on telecom operator Proximus on the ground that the operator has processed personal data for the purpose of publishing public telephone directories.
In the fact, Proximus as publisher of its own public directory, responded in affirmative the plaintiff’s request that its personal data would no longer be published in Proximus’ public directory, as well as the publication of the personal data in the directory of other publishers.
However, the plaintiff has considered that his personal data had not only been published in the directory of Proximus, but also in the ones of other publishers of a public directory.
Even though, in Belgium, the consent for the publication in a public directory is given in accordance with the provisions of national telecommunications law, the provisions with regard to consent of the GDPR remain applicable as preconditions for lawful processing with regard to the consent in the national law.
The DPA upheld that as a data controller, Proximus has a responsibility to align the withdrawing of the data subject’s consent with the actual processing activities, however apparently it did not take the appropriate measures to ensure that the personal data of the complainant was not unlawfully processed after the withdrawal of the consent. Moreover, in addition to non-facilitation the exercise of data subject’s rights, Proximus also did not provide the data subject with transparent information during and after the handling of his request.
You can read the announcement of the DPA here.
Should you have any queries and/or remarks, please do not hesitate to contact us.
Kind regards,
Zumbul Attorneys-at-Law