Press releases
2022
A new draft law threatens the independence and functioning of the BE DPA
The Belgian data protection authority is concerned about developments that could threaten its independence. These include a preliminary draft law to amend the current BE DPA law, and the lack of resources allocated to it. The DPA has expressed its concerns in an opinion published today, that she also forwarded to the Court of Audit, the Council of State, as well as to the European Commission and the other European supervisors assembled in the European Data Protection Board (EDPB). The BE DPA is of course ready to contribute constructively to the adaptation of the preliminary draft law.
2022
The BE DPA participates in the first European annual coordinated action on the use of cloud by the public sector
Today marks the kick-off of the first coordinated enforcement action of the European Data Protection Board (an independent European body composed of representatives of the EU national data protection authorities). In the coming months, 22 national supervisory authorities across the EEA (including EDPS) will launch investigations into the use of cloud-based services by the public sector, the Belgian DPA participates in this project.
2022
The BE DPA to restore order to the online advertising industry: IAB Europe held responsible for a mechanism that infringes the GDPR
The Belgian DPA has found that the Transparency and Consent Framework (TCF), developed by IAB Europe, fails to comply with a number of provisions of the GDPR. The TCF is a widespread mechanism that facilitates the management of users’ preferences for online personalised advertising, and that plays a pivotal role in the so called Real Time Bidding (RTB). The BE DPA imposed a €250.000 fine to the company, and gives IAB Europe two months to present an action plan to bring its activities into compliance.
2021
Belgian DPA sends its draft decision in the IAB Europe case to European counterparts
The Belgian Data Protection Authority has finalized its draft decision in the case against IAB Europe. Its European counterparts have been notified about this, and now have 4 weeks to provide the BE DPA with potential feedback on the draft.
2021
Facebook case : the CJEU has ruled
The Court of Justice of the European Union ruled today in the case between Facebook and the Belgian Data Protection Authority, which has been ongoing since 2015. According to the CJEU a national supervisory authority may indeed, under certain conditions (provided for in the GDPR), exercise its power to bring an alleged infringement of the GDPR to the attention of the judicial authorities of a Member State, even if this supervisory authority is not the lead authority for that processing. The CJEU also gives a broad interpretation of the powers of the (national) authority who is not lead authority, as advocated by the BE DPA. The BE DPA will now analyse the judgment to better understand its impact on its ongoing case before the Brussels Court of Appeal.