Support Centre

Belgium: Belgian DPA fines non-profit organisation €1,000 for unlawful direct marketing practices

The Belgian Data Protection Authority ('Belgian DPA') issued, on 29 May 2020, a decision ('the Decision') fining a non-profit organisation €1,000, following a complaint concerning the repeated receipt of direct marketing by post, despite the applicant having exercised their right to erasure and right to object. In particular, the Decision outlines that the organisation maintained that it relied upon the legitimate interest of marketing to previous donors for the purpose of fundraising as the legal basis for the processing of personal data and not on the explicit consent of the data subject. However, the Decision finds that the interests of the controller did not outweigh the fundamental rights and freedoms of the data subject and the data subject did not reasonably expect the processing to take place for the purpose of fundraising.

Specifically, the Decision notes that the data controller must clearly state the right to object, in clear and unambiguous language and that any objection should be respected immediately and without any additional investigations. Therefore, the Decision states that the organisation had only included this information in the privacy policy which constitutes a violation of Articles 6(1) and 21(4) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In addition, the Decision indicates that, in the calculation of the fine, it considered, among other things, that the marketing continued for at least five months from the latest request for erasure and that the defendant is a non-profit organisation with a limited turnover.

You can read the Decision, only available in Dutch, here.