Belgian data protection watchdog sends controversial ‘message’ with regard to non-profit data controllers.

An interesting GDPR enforcement case came from Belgium in late May. Imagine that a data controller is sending unsolicited postal communications and ignoring data subject rights to object (Article 21) and to be forgotten (Article 17). On top of that, it misidentified legal basis and relied on the legitimate interest instead of consent (of course, no balancing exercises have been conducted and no safeguards have been put in place).

What could happen to such a data protection ‘nihilist’? Article 83(5) suggests that its DPO may start looking for another job. However, things may go upside down if the controller is a… non-profit organisation. 

Not to keep an unnecessary suspense, the data controller in the case above was fined mere 1000 EUR (nope, I did not miss additional ‘zeros’). Of course, factoring in that it was the first case against this organisations and that the controller is a non-profit organisation with no regular turnover.

This all may be well true, but it seems that such ‘enforcement’ naturally tears the fabric of the GDPR as it factually gives all non-profit organisations carte blanche to violate ‘tastefully’ for their first time.

More details on this case:

The right to be forgotten

There is much chit-chat going on concerning ‘the right to be forgotten’. Much is linked to the digital footprint that you leave behind you. There is a good essay referenced by The Technology Liberal Front that you can read more on. It looks at both angles, not just ‘the right to be forgotten’ but also what happens if everything is forgotten! There is after all much that we do NOT want to forget. You know great achievements, great people, an accurate history, not digitally rewritten as in Orwell’s 1984 😉

Whatever you post online as a persistence value that is difficult to control, at least today after it has been shared online. I’ve said many times before, it is best to post/share only what you are comfortable for the world to see. One should always consider with every word, photo, video one shares, what happens if it gets out in the wild and it has your name on it? How can you get this back, and will you be able to repair any damage that your digital footprint could cause?