The Belgian Data Protection Authority (BDPA) has just published two new decisions by its Litigation Chamber, in widely different cases:
• one relating to a dispute between ex-spouses;
• another imposing a 5000 EUR fine for misuse of a list of personnel of a municipality for electoral purposes (i.e. the third fine related to the misuse of personal data for electoral purposes).
Both illustrate the manner in which data protection is increasingly becoming an additional argument in separate disputes, where the plaintiff is an adversary or even a competitor of the defendant; in the electoral case, the plaintiff was even a legal entity rather than a data subject as is usually the case.
Interestingly, both contain significant considerations in relation to the Litigation Chamber's jurisdiction and the procedure before the BDPA. While the Litigation Chamber has attempted to create a body of case law that is consistent, the ideas it sets out in particular in the spousal dispute decision will likely require further clarification to avoid contradictions or even discrimination between defendants (controllers or processors). As it stands, it seems as though the scope of a complaint or investigation depends on (i) the manner in which a complaint was initially handled and (ii) whether the defendant is a natural person or a legal entity.
Read on to see which questions are examined – and which new ones the answers raise.