The Belgian Data Protection Authority APD has imposed substantial fines on two local airports for violating privacy law when they imposed temperature checks on passengers at the beginning of the COVID-19 pandemic in 2020.
The airports, based in Zaventem (BRU) and Charleroi (CRL), face fines of €200,000 and €100,000, respectively for carrying out temperature checks on passengers and violating General Data Protection Regulation (GDPR).
According to an official statement from the APD dated April 4, 2022, the airports had violated the privacy of travelers when processing data related to their health, which is considered “sensitive” under European Union law.
The APD observed that thermal cameras installed in both airports made it possible to filter people with a temperature of more than 38°C.The checks at Charleroi airport took place from June 2020 to March 2021, while the same procedure was applied at Zaventem airport between June 2020 to January 2021.
However, the APD notes that both airports “lacked a valid legal basis” for processing the data.
“Since data of this type is sensitive data, it cannot in principle be processed, except in a very limited number of exceptions,” the privacy authority wrote in the statement.
“This decision highlights the importance of carrying out an impact analysis in a rigorous and complete manner, and this before setting up the processing of data likely to create a risk for the people. Prevention is better than cure is a principle that is also very important in the field of data protection,” APD President David Stevens said.
Passenger temperature checks at Charleroi airport took place from June 2020 to March 2021, while the same procedure was applied at Zaventem airport between June 2020 to January 2021.