Details:
| Summary | The Belgian DPA has fined Ambuce Rescue Team EUR 20,000. The fine is related to the fines against Brussels Airport Charleroi and Brussels Airport Zaventem.
Due to the Covid 19 pandemic, the airports used thermal imaging cameras to filter out people with body temperatures above 38 degrees. Those filtered out were then asked to answer questions about possible coronavirus symptoms. In this process, Ambuce Rescue Team provided the questionnaires. Specifically, the DPA found that there was no valid legal basis for processing this health data. Health data are sensitive data in the sense of Art. 9 GDPR. These may only be processed in exceptional cases pursuant to Art. 9 (2) GDPR. One such exceptional case is processing on the grounds of public interest in the area of public health. For this, however, the processing must be based on a clear legal norm. In the cases at hand, the processing was based on a protocol that did not meet these requirements. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 6 GDPR, Art. 9 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 20,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/