Articles

Digital Law Up(to)date: Dismissal of a complaint by the DPA for not processing the complainant's data

Digital Law Up(to)date: Dismissal of a complaint by the DPA for not p

Digital Law Up(to)date: Dismissal of a complaint by the DPA for not processing the complainant's data

05.11.2021 BE law

In this blog, we briefly present a recent decision by the litigation chamber of the Belgian DPA that can be put into perspective with the earlier decision of the Supreme Court of 7 October 2021 considering that the DPA has to deal with a complaint filed by a person whose data had not been processed.

 

A recent decision (only available in Dutch) by the litigation chamber of the Belgian Data Protection Authority (DPA) can be put into perspective with the decision of the Supreme Court of 7 October 2021 (which we reported here) considering that the DPA has to deal with a complaint filed by a person whose data had not been processed.

In this case, the complainant found that the ombudsman contact form offered by a hospital was not sufficiently secure (e.g. no encryption for the transfer of sensitive health data, unsecured connection). The inspection service of the DPA identified several breaches of data protection legislation (e.g. article 32 “security of processing”). The complainant did not use the form to avoid such insecure processing.

The litigation chamber rejects the complaint, as there was no processing of the data subject's data. The complainant had thus no personal interest.

Is this decision of the DPA contrary to the earlier judgment of the Supreme Court? The litigation chamber cites the Supreme Court decision but notes that in this case the ombudsman is accessible other via other channels than the online form (via the telephone or a form to be completed directly at the hospital). It is therefore possible to access the service without using the problematic online form. This circumstance makes it possible to consider that the complainant does not have a personal interest because he does not demonstrate any disadvantage. In the judgment of the Supreme Court, the refusal to process data meant that the complainant in question was unable to obtain a loyalty card from a retailer (that is a real disadvantage): there was no other possibility to obtain the card. 
 

By Edouard Cruysmans and Erik Valgaeren

Team

Related news

05.11.2021 EU law
European Strategy for Data: short analyse of the proposed regulation of data governance (Data Governance Act)

Articles - On 25 November 2020, the European Commission published a proposal for a regulation on data governance  and a related Q&A. On 1st October 2021, the Council of the European Union agreed position on Data Governance Act. That will allow the Council presidency to start negotiations with the European Parliament. Both the Council and the European Parliament will need to agree on the final text. This blog briefly present the proposal of the European Commission.

Read more