fbpx

Download free GDPR compliance checklist!

Tag Archives for " Belgium "

Digital fingerprints on ID cards – no violation of the right to privacy, says Belgian Constitutional Court

On 14 January 2021, the Belgian Constitutional Court delivered a  judgment on the legality of the integration of the digital format of two fingerprints in ID cards, introduced through Article 27 of the Belgian law of 25 November 2018.

After a balancing of interests, the Court ruled that the inclusion of digital fingerprints on ID cards does not violate the fundamental right to respect for private life, thereby providing clarity on a heavily criticized matter and setting an important precedent.

Source: Belgium: Digital fingerprints on ID cards – no violation of the right to privacy according to the Belgian Constitutional Court – Privacy Matters

Class Actions in Belgium – the next level in GDPR enforcement

In Belgium a tangible risk now exists for collective redress actions as Belgian law contains a comprehensive – and from a European perspective – unique class action scheme in its Code of Economic Law.

Since NOYB – the non-profit organisation of activist Max Schrems – has been granted the status of ‘group representative’ by a Ministerial Decree last September 2020, this new type of private privacy watchdogs should be factored into your enforcement risk assessment.

The Belgian collective redress scheme allows a group of consumers (or SMEs) to claim, in their personal capacity, damages suffered as a result of a common cause. The causes that may be invoked concern breaches by a company of its contractual obligations or infringements of (among others) the GDPR and the Belgian cookie rules.

Source: Belgium: Class Actions in Belgium – the next level in GDPR enforcement

Belgian DPA to Take Down Websites Infringing GDPR

Belgian Data Protection Authority signed a cooperation agreement with DNS Belgium. The purpose of the cooperation agreement is to allow DNS Belgium to suspend “.be” websites that are linked to infringements of the GDPR.

The “Notice and Action” procedure is only available for infringements that cause very serious harm and are committed by natural or legal persons who deliberately infringe the law or who continue data processing activity despite a prior order by the Investigation Service or the Litigation Chamber of the Belgian DPA to suspend, limit, freeze (temporarily) or end the processing activity.

Source: Belgian DPA to Take Down Websites Infringing GDPR | Privacy & Information Security Law Blog

NOYB Approved to File Class Actions and Claim Damages in Front of Belgian Courts

On October 29, 2020, the non-governmental organization co-founded by privacy activist Max Schrems, None of Your Business (NOYB), announced it can now file representative actions and claim damages on behalf of consumers for violations of various laws regarding consumer protection (including data protection law) in Belgium.

The Belgian Minister of Employment, Economy and Consumer Affairs approved NOYB as a qualified entity under the collective action scheme set forth in the Belgian Economic Code. This approval comes in anticipation of the implementation of the Collective Redress Directive, which is expected by 2022 and requires each EU Member State to provide for a collective redress mechanism.

Source: NOYB Approved to File Class Actions and Claim Damages in Front of Belgian Courts

IAB Europe’s ad tracking consent framework found to fail GDPR standard

A flagship framework for gathering Internet users’ consent for targeting with behavioral ads — which is designed by ad industry body, the IAB Europe — fails to meet the required legal standards of data protection, according to findings by its EU data supervisor.

The Belgian DPA’s investigation follows complaints against the use of personal data in the real-time bidding (RTB) component of programmatic advertising which contend that a system of high velocity personal data trading is inherently incompatible with data security requirements baked into EU law.

Source: IAB Europe’s ad tracking consent framework found to fail GDPR standard | TechCrunch

Facebook, Belgian Data-Protection Watchdog Face Off at EU High Court

The European Union faced some tough questions as it defended Facebook at the EU high court Monday, in a case over which country’s data-protection agency can go after the social media giant.

The Court of Justice of the European Union heard arguments Monday on whether Belgium can go after social media giant Facebook for data privacy violations. The Belgian Data Protection Authority wants Facebook to stop tracking Belgians via cookies, but both the EU and Facebook argued the agency doesn’t have the right to do so.

Source: Facebook, Belgian Data-Protection Watchdog Face Off at EU High Court

CJEU ruling puts in danger EU-UK adequacy talks

This week, the CJEU issued a ruling that could spring a leak and potentially sink adequacy negotiations between the U.K. and EU.

CJEU ruled to restrict surveillance activities on phone and internet data by EU member states but specifically to regimes in Belgium, France and the U.K. The decision means governments have limited grounds for mass data retention unless they face a “serious threat to national security.” Additionally, access to phone and internet data, as well as the duration of that access, should be determined based on necessity.

The U.K. is chief among those affected by the court’s ruling as the clock winds down on its Brexit transition period, which is set to expire with or without an adequacy decision from the EU December 31. Doubts about an adequacy agreement already loomed, but the latest CJEU ruling further clouds a potential deal.

Source: CJEU throws wrinkle into EU-UK adequacy talks

Belgian DPA asks EU court for permission to take regulatory action against Facebook

The Belgian Data Protection Authority (DPA) is appearing at the Court of Justice of the European Union (CJEU) in Luxemburg in a bid to gain regulatory action against Facebook.

The Belgian privacy watchdog is seeking agreement from the court that the local DPA has the regulatory authority under GDPR to rule on violations against Facebook users in Belgium.

Source: Belgian DPA asks EU court for permission to take regulatory action against Facebook

Belgian DPA imposes a €600,000 fine on Google Belgium for non-compliance with right to be forgotten

On 14 July 2020, the Belgian DPA imposed a fine of EUR600,000 on Google Belgium SA/NV (Google Belgium) for not respecting a Belgian resident’s right to be forgotten. This is the highest fine ever imposed by the Belgian DPA.

The complainant, an executive at an unnamed large company, had requested the removal of 12 URLs which he considered to be harmful to his reputation. These URLs concerned, on the one hand, search results regarding alleged links with a certain political party, and on the other hand, a harassment complaint declared unfounded in 2010. As Google had refused to remove several of the concerned links, the complainant referred the case to the Belgian DPA.

Source: Belgium: Belgian DPA imposes a EUR600,000 fine, its highest fine ever, on Google Belgium for non-compliance with right to be forgotten

Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

On May 29, 2020, the Litigation Chamber of the Belgian Data Protection Authority  imposed a fine of €1,000 on a non-profit organization.

The decision followed a complaint filed by an individual who continued to receive promotional materials from the organization after he had objected to the processing of his contact details for direct marketing purposes and had requested that the organization erase his data from its database.

Source: Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

1 2 3 5
>