Belgium: Mayor violates GDPR for voting campaigns
An architect came into contact with a mayor in the process of a subdivision modification. On this occasion, the architect transmitted multiple Email addresses of compliants to the mayor’s office. On the day before communal elections, the mayor used the “reply” feature to send an electoral message to said compliants.
According to the GDPR, any data is only allowed to be processed in association with the task it was originally obtained for. The mayor recieved the Email addresses as part of a subdivision modification. Any use of these Email addresses is, without additional consent by the owners of these addresses, illegal. As a result, the Data Protection Authority fined the mayor for 2.000€. Even though the fine is small, it sends a message. Data controllers have to be carefull with the data they recieve. This also applies to those that work in public positions.
Sources: Data Protection Authority
Type of Issue:
Illegal data processing
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
5. Principles relating to personal data processing
6. Lawfulness of processing