Merchant

€10,000

Non-compliance with general data processing principles

Decision Date

September 17, 2019

Authority

Belgian Data Protection Authority (APD)

BE

Sector

Industry and Commerce

Country

BE

Law

GDPR

Status

FINAL

Description

The Belgian data protection authority has imposed a fine of 10,000 euros on a merchant who wanted to use an electronic identity card (eID) to create a customer card. The DPA's investigation revealed that the merchant required access to personal data located on the eID, including the photo and barcode which is linked to the data subject's identification number. In the meantime, the decision of the data protection authority has been annulled by a court: link

Legal Citations

Art. 5 (1)

Issues & Violations

Non-compliance with general data processing principles
View Official Document
Back to Fines Database
Previous Fine
Polish National Personal Data Protection Office (U...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.