The Belgian Data protection authority today declared unlawful, and decided to prohibit, the transfers of personal data of Belgian “Accidental Americans” by the Belgian Federal Public Service Finance (FPS Finance) to the US tax authorities under the intergovernmental FATCA agreement. According to the Belgian DPA, the data processing carried out under this agreement does not comply with all the principles of the GDPR, including the rules on data transfers outside the EU. It also asks the FPS Finance to alert the competent legislator of the shortcomings identified by the DPA.
The Market Court decided today to refer preliminary questions to the Court of Justice of the European Union in the appeal that IAB Europe had filed against decision 21/2022 of the Belgian Data Protection Authority (BE DPA).
The Belgian data protection authority is concerned about developments that could threaten its independence. These include a preliminary draft law to amend the current BE DPA law, and the lack of resources allocated to it. The DPA has expressed its concerns in an opinion published today, that she also forwarded to the Court of Audit, the Council of State, as well as to the European Commission and the other European supervisors assembled in the European Data Protection Board (EDPB). The BE DPA is of course ready to contribute constructively to the adaptation of the preliminary draft law.
The BE DPA participates in the first European annual coordinated action on the use of cloud by the public sector
Today marks the kick-off of the first coordinated enforcement action of the European Data Protection Board (an independent European body composed of representatives of the EU national data protection authorities). In the coming months, 22 national supervisory authorities across the EEA (including EDPS) will launch investigations into the use of cloud-based services by the public sector, the Belgian DPA participates in this project.
The BE DPA to restore order to the online advertising industry: IAB Europe held responsible for a mechanism that infringes the GDPR
The Belgian DPA has found that the Transparency and Consent Framework (TCF), developed by IAB Europe, fails to comply with a number of provisions of the GDPR. The TCF is a widespread mechanism that facilitates the management of users’ preferences for online personalised advertising, and that plays a pivotal role in the so called Real Time Bidding (RTB). The BE DPA imposed a €250.000 fine to the company, and gives IAB Europe two months to present an action plan to bring its activities into compliance.