Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Belgium: Belgian DPA imposes €50,000 fine on Rossel & Cie for unlawful use of cookies

The Belgian Data Protection Authority ('Belgian DPA') published, on 16 June 2022, its decision in Decision No. 103/2022 in File No. DOS-2020-02998, in which it imposed a fine of €50,000 on SA Rossel & Cie ('Groupe Rossel') , a press group, for violations of Articles 6(1)(a), 4(11), 7(1), 7(3), 12(1), 13, and 14 of the GDPR. 

Background to the case

In particular, the Belgian DPA noted that the case concerned the press group's management of non-essential cookies on several of its websites, whereby according to the investigation carried out by the Belgian DPA's Inspection Service, visitors' consent had not been lawfully obtained in connection with the use of such cookies. 

Findings of the Belgian DPA

Notably, the Belgian DPA found that Groupe Rossel had used non-essential cookies before the collection of valid consent from website users, including cookies placed by third party domains in violation of Article 6(1)(a) of the GDPR. Furthemore, the Belgian DPA also found that Groupe Rossel had unlawfully obtained user consent by using the 'further browsing' technique, whereby it had unlawfully coupled the users' expression of cookie consent with the choice to continue to the website, contrary to Articles 4(11) and 7(1) of the GDPR, and in violation of Article 6(1)(a) of the GDPR. Additionally, the Belgian DPA stated that Groupe Rossel's placement of further cookies on its websites without an appropriate justification, after user consent had been withdrawn, constituted a violation of Article 7(3) of the GDPR. Moreover, the Belgian DPA noted that Groupe Rossel's cookie policy, on the relevant websites, was incomplete as it failed to include mandatory information on the names of all of its third party partners, and was not provided in a sufficiently accessible manner in violation of Articles 12(1), 13, and 14 of the GDPR. 


As such, the Belgian DPA imposed a fine of €50,000 on Groupe Rossel for the aforementioned violations, and ordered the publication of the decision on its website. Lastly, the Belgian DPA stated that the decision may be appealed within 30 days of its notification.

You can read the decision, available in French here and in Dutch here.

UPDATE (21 June 2022)

Belgian DPA responds to media article regarding fine

The Belgian DPA issued, on 21 June 2022, clarifications in response to an article published in Le Soir newspaper on the fine that the Belgian DPA had imposed on Groupe Rossel in the decision. In particular, the Belgian DPA stated that the article included several pieces of information that were either taken out of context or incorrect, which it would like correct. In this regard, the Belgian DPA noted the following:

  • the internal Belgian DPA memo, stating that control over Dutch-speaking public media websites is the responsibility of the Flemish supervisory commission, has not been followed and was issued prior to the appointment of the Management Committee, and does not reflect the current position;
  • in response to the statement that the Belgian DPA had launched only a few ex officio investigations, the Belgian DPA noted that, in the period from 2018 to 2021, 58 of 450 investigations were launched by the Belgian DPA or the Inspection Service itself; and 
  • in response to the statement that the Belgian DPA had not acted officially to insist its competence for the supervision of Flemish public bodies, the Belgian DPA stated that it has reminded authorities (particuarly the Flemish and federal authorities) of the obligation for each assembly and government to submit to it, for an opinion, its draft texts relating to the processing of personal data. 

You can read the repsonse, available in French here and in Dutch here.