The Belgian Data Protection Authority APD has fined two local airports for breaking privacy laws when they required passengers to undergo temperature checks during the start of the COVID-19 epidemic in 2020.
For conducting temperature checks on passengers and violating the General Data Protection Regulation, the airports in Zaventem (BRU) and Charleroi (CRL) face fines of €200,000 and €100,000, respectively (GDPR).
The airports had infringed the privacy of tourists by processing data connected to their health, which is considered “sensitive” under European Union law, according to an official statement from the APD dated April 4, 2022.
Thermal cameras installed in both airports, according to the APD, allowed anyone with a temperature of moreover 38°C to be filtered out.
The checks were performed at Charleroi airport from June 2020 to March 2021, and at Zaventem airport from June 2020 to January 2021.
Both airports, however, “lacked a solid legal basis” for processing the data, according to the APD.
“Since data of this type is sensitive data, it cannot in principle be processed, except in a very limited number of exceptions,” the privacy authority wrote in the statement.
“This decision highlights the importance of carrying out an impact analysis in a rigorous and complete manner, and this before setting up the processing of data likely to create a risk for the people. Prevention is better than cure is a principle that is also very important in the field of data protection,” APD President David Stevens said.
Passenger temperature checks were conducted at Charleroi airport between June 2020 and March 2021, and at Zaventem airport between June 2020 and January 2021.